Security awareness, training and education
We’re working on a new white paper about the value of awareness, training and education as part of an ISO27k ISMS. Watch this space ...
ISO27k case studies
Icelandic information security consultancy Stiki ehf has released a series of short case studies on ISO/IEC 27001/2 implementations:
Electricity supplier Landsvirkjun  Landspítali-University Hospital Insurance company Sjóvá TM Software
Please thank Stiki for kindly allowing us to share these case studies with you. If you have similar ISO27k-related cases etc. you’re willing to share with our visitors, please get in touch.
French language ISO27k white papers
ISO 27000: Le nouveau nirvana de la sécurité? and ISO 2700x: une famille de normes pour la gouvernance sécurité were co-written by a member of the ISO27k Implementers’ Forum whose organization was certified compliant with ISO/IEC 27001. Fantastique!
Top information security risks for 2008
This white paper was created by a willing group of volunteers from both the CISSPforum and the ISO27k Implementers' Forum. We decided to list the top information security threats, vulnerabilities and impacts separately, and then generate a consolidated list of information security risk scenarios, and finally a list of recommended controls. While the lists may be of some lasting interest, the risk analysis and collaborative working process was fascinating for those involved.
Information security frameworks overview 
If you are a little confused about the range of frameworks, standards and guidelines for information security, an annotated PowerPoint slide presentation  by Rob Slade will help you set things in context. The ‘speaker notes’ add a lot of meat to the bones. Mmmm tasty!
Terms and conditions of use
If you wish to use the white papers and other materials on this website including those in the ISO27k Toolkit, please respect the copyright terms and conditions. These materials are provided without charge to you but they cost time and money to produce. Legally speaking, they remain someone’s property.
Materials from the ISO27k Forum (including most of those in the ISO27k Toolkit) are released under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 license. Under the license terms, you are welcome to reproduce, circulate, use and create derivative works from these materials provided that (a) they are not sold or incorporated into a commercial product, (b) they are properly attributed to the ISO27k Implementers’ Forum based here at ISO27001security.com, and (c) all derivative works are shared under the same license terms.
Other materials belong to the respective authors or their employers and may be shared under different terms and conditions. Please read the embedded copyright notices and, if necessary, contact the copyright holders directly for permission to use or reproduce them.
Copyright is important not just for legal compliance reasons but to encourage further contributions. Stealing or plagiarizing copyright materials upsets the authors and puts others off. Little thank-you notes requesting permission to copy/use them make our day.
|
