Posts Tagged Information Security

ISMS Implementation – The bottom-Up approach

All along we have been hearing, and believing, that ISMS implementation in any organization requires management approval, without which it would fail. True!

For any project in an organization, for that matter, management approval is a must, because for a project to kick-start and complete with the desired results it needs resources, budget, tools and so on. These can be obtained only if the project manager shows management that the project creates value for the organization. That value can take many forms, but it ultimately boils down to making profits or avoiding monetary or reputational loss.



Password Management

Let me narrate a small story here to show you how a server administrator and an Information Security Officer (ISO) of an organization struggle to protect organizational assets.

The ISO of the organization has written the password policy, and it says that a user password should:

• be a minimum of 8 characters long
• lock out the account after 3 failed attempts
• expire once every 45 days
• be a combination of uppercase, alphanumeric and special characters

The policy was handed over to the server administrator and has been implemented across the organization.



Reasons to avoid change

Some reasons that are commonly given by members of an organization to avoid changing the process:

1. Nothing has happened for the past X years. What is going to happen now, and why do you want all this security?

2. How does the organization benefit from implementing information security practices? How much will the profit be?



ISMS Implementation Guide

ISMS Implementation Guide is one of my first white papers, written out of my personal experience in implementing Information Security practices in an organization using the BS ISO/IEC 17799:2005 framework. This paper is intended to give insight and help to those who are implementing this for the first time, and to those who will be coordinating with external consultants for ISMS implementations in their organizations.

Please download the document here:
ISMS Implementation Guide


Key Points to BS ISO 27001:2005

Organizations that intend to do a partial implementation of Information Security practices using BS ISO/IEC 27001:2005 need to note these points, which are part of the standard.

Refer to your BS ISO/IEC 27001:2005 document under point 1, Scope.

1. Scope
1.1 General
This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

