SEARCH RESULTS
 
Showing 1-10 of 43 records
 
What is a Wise Risk Decision Worth? or ISO 27001 KPIs Follow Up

2008-12-03 15:47:11 by Alex in RiskAnalys.is
 
...ISO 27001 Google Group How I can communicate the value of an ISO implementation to non-security management This question came to me after one of the posters on the ISO Google Group asked about KPIs for ISO implementation. Got great responses in email, blog comments, and on Twitter from current/former CISO folks and consultants and analysts....
 
 
 
 
 
Thoughts on ISO 27005

2009-01-06 17:10:59 by Alex in RiskAnalys.is
 
...ISO/IEC 27005 First edition 2008-06-15 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion du risque en sécurité de l'information As you can probably guess, I've got opinions. And since we're both here (me writing, you reading) why don't I let you know...
 
 
 
 
 
Effective Security with a Continuous Approach to ISO 27001 Compliance

2008-07-10 13:00:00 by Editor in Computerworld Security News
 
...ISO 27001 standard is primarily referred to as the Information Security Management System (ISMS) certification standard. Organizations that seek to implement an ISMS are examined against ISO 27001. As with several global standards, the scope of this standard is far reaching, with several sets of control objectives and guidelines. Its...
 
 
 
 
 
KPIs for ISO 27001? Do Such Things Exist?

2008-12-02 13:48:41 by Alex in RiskAnalys.is
 
...ISO 27001 Google Group, the following question was just posed Dear Implementers What could be the KPIs by which I, being Management Representative can show complete picture in a compiled brief/short report? Your response would be highly awaited Which I think is a great question! Talk about no-nonsense. None of this high-falutin nonsense...
 
 
 
 
 
How To Burn An ISO Image To A Bootable CD

2007-10-09 00:26:44 by Editor in Irongeek's Security Site
 
New Video: How To Burn An ISO Image To A Bootable CD Ok, I know it does not seem a worthy topic for the Hacking Illustrated Series InfoSec Tutorial Videos, but you have to admit the question gets asked a lot. Now we have something to point people to when they ask on forums how to burn an ISO using a free application. Feel free to link to this...
 
 
 
 
 
ISO 27001 Adoption Poll Results are In

2008-08-28 09:00:00 by Dave Howell in Speaking of Security, the RSA Blog and Podcast
 
...ISO 27001" adoption. A question posed to readers at the end of the piece: "How far off are we from the point at which ISO 27001 certifications in the U.S. are standard operating procedure for businesses -- the exception, rather than the rule?" Well, the results are in! Our servers nearly crashed thanks to the influx of responses, but,...
 
 
 
 
 
The Long Road Towards an ISO 27001 "Tipping Point" (and a true Reader's Poll!)

2008-07-22 00:00:00 by Dave Howell in Speaking of Security, the RSA Blog and Podcast
 
...ISO 27002, or active work to get the standard implemented in some fashion. This isn't necessarily surprising, particularly when you're talking with highly regulated companies or those more apt to understand information risk management, overall (e.g., those in banking, insurance and utilities, or more recently, thanks to PCI DSS, retail)....
 
 
 
 
 
ISO Security Standards - JTC27 Trip Report

2008-10-24 13:38:15 by mcurphey in Mark Curphey - SecurityBuddha.com
 
If you are interested in following what's happening in the ISO Security Standards world, you can navigate to the CISG blog and read our trip report. http://blogs.msdn.com/cisg
 
 
 
 
 
How Do I Get ISO27001 Certification?

2008-05-20 17:31:23 by Carsten Casper, Research Director in IT Leaders - Security and Risk Management
 
...ISO 27001 (or at least of its U.K. predecessor, BS7799-2). Now, more and more people wonder: How do I get a certificate for my organization? While in some countries (such as the U.K. and Germany), it's more common to get a certificate, in the U.S. it's not. Well, there are two ways to approach this: Find an accredited auditor (person), or...
 
 
 
 
 
Risk Management and Analysis Standards Update

2008-06-17 16:51:27 by Alex in RiskAnalys.is
 
...ISO risk management stuff, there's OCTAVE and NIST 800-30 and AS/NZ 340 and CRAM and FRAP and others And this is where I think FAIR and The Open Group have a good fit. FAIR as a model for analysis, does not compete but rather complements OCTAVE and NIST 800-30 and ISO 2700x (That reminds me, Rybolov, I've got to respond to your 800-30 article)....