Information security compliance
A complementary (and complimentary!) pair of white papers from the NoticeBored security awareness subscription service explain why compliance is such an important driver for information security these days. The first white paper compares and contrasts different types of information security framework. The second describes a broad range of security frameworks from A-to-Z.
ISO27k case studies
Tackling ISO27001 - A Project to Build an ISMS was part of David Henning’s GIAC Certified Project Manager Gold certification. The paper describes the implementation of an ISO/IEC 27001-compliant ISMS using the Project Management Institute’s Project Management Body of Knowledge (PMBOK) within a satellite broadband company subject to PCI-DSS. There are excellent pointers here for others implementing an ISMS.
Icelandic information security consultancy Stiki ehf has released a series of short case studies on ISO/IEC 27001/2 implementations:
Please thank Stiki for kindly allowing us to share these case studies with you. If you have similar ISO27k-related cases etc. you’re willing to share with our visitors, please get in touch.
French language ISO27k white papers
ISO 27000: Le nouveau nirvana de la sécurité? and ISO 2700x: une famille de normes pour la gouvernance sécurité were co-written by a member of the ISO27k Forum whose organization was certified compliant with ISO/IEC 27001. Fantastique!
Terms and conditions of use
If you wish to use the white papers and other materials on this website including those in the ISO27k Toolkit, please respect the copyright terms and conditions. These materials are provided without charge to you but they cost time and money to produce. Legally speaking, they remain someone’s property.
Materials from members of the ISO27k Forum (including most of those in the ISO27k Toolkit) are released under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 license. Under the license terms, you are welcome to reproduce, circulate, use and create derivative works from these materials provided that (a) they are not sold or incorporated into a commercial product, (b) they are properly attributed to the ISO27k Forum based here at ISO27001security.com, and (c) if they are shared, derivative works are shared under the same license terms.
Other materials belong to the respective authors or their employers and may be shared under different terms and conditions. Please read the embedded copyright notices and, if necessary, contact the copyright holders directly for permission to use or reproduce them.
Copyright is important not just for legal compliance reasons but to encourage further contributions. Stealing or plagiarizing copyright materials upsets the authors and puts others off. Little notes to us requesting our permission to copy/use them make our day.