Some reasons that is commonly given by organization members to avoid change in the process.
1. Nothing has happened for the past X years. What is going to happen now and why do you want all these security
2. How is the organization benefited out of implementing information security practices…??? How much will be the profit…???
Tags: Information Security, Information Security Management System
ISMS Implementation Guide is one of my first white papers which was written out of my personal experience in implementing Information Security practices in an organization using the BS ISO/IEC 17799:2005 framework. This paper is intended to give an insight and help, those who are implementing this for the first time and for those who will be coordinating with external consultants for ISMS implementations in their organizations.
Please download the document here:
ISMS Implementation Guide
Tags: Information Security, Information Security Management System, Information Security Risk Assessment, ISO 27001:2005
Organizations that intend to do a partial implementation of Information Security practices using BS ISO/IEC 27001:2005 need to note down these points which is a part of the standard.
Refer to your BS ISO/IEC 27001:2005 document under point 1 Scope.
1. Scope
1.1 General
This international Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This international Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
Here is a comparison of the changes that has been made in the new standard. This document gives you a one to one mapping, which is much easier to understand. It is very helpful when organization would like to upgrade from their existing BS7799 implementation.
File Download: Right-click on the link below and select “Save target as”. Once the download is complete, change the extension from “.pdf” to “.xls” and you are ready to go.
Objective:
It is always a good practice to identify the risks involved in any implementation process. This is pertaining to the ISMS implementation and I have highlighted 6 points that is critical to this subject. These are based out of my experience and if there is anything more, please feel free to share it with the community.
Tags: Information Security, Information Security Management System, ISO 27001:2005
You are currently browsing the archives for Wednesday, April 4th, 2007
Arclite theme by digitalnature | powered by WordPress