Top information security risks for 2008

This white paper was created by a willing group of volunteers from both the CISSPforum and the ISO27k Implementers' Forum. We decided to list the top information security threats, vulnerabilities and impacts separately, and then generate a consolidated list of information security risk scenarios, and finally a list of recommended controls.

While the lists are of some interest, the risk analysis and collaborative working process was fascinating for those involved.

Information security frameworks overview

If you are a little confused about the range of frameworks, standards and guidelines for information security, an annotated PowerPoint slide presentation by Rob Slade will help you set things in context. The ‘speaker notes’ add a lot of meat to the bones. Mmmm tasty!

ISMS implementation and certification process

The ISMS implementation and ISO/IEC 27001 certification process diagram is a flow chart outlining the main steps in the process. This is a generic diagram - the details will vary from situation to situation. Click the thumbnail below for a full-sized version:

Terms and conditions of use

Please observe the copyright conditions. 

Documents, spreadsheets etc. from the Forum are released under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 license. You are welcome to reproduce, circulate, use and create derivative works from these papers provided that (a) they are not sold or incorporated into a commercial product, (b) they are properly attributed to the ISO27k Implementers’ Forum based at ISO27001security.com, and (c) all derivative works are shared under the same license terms.

Papers from individuals belong to the authors or their employers. Please read the embedded copyright notices and, if necessary, contact the copyright holders directly for permission to use or reproduce them.