In an enterprise whose operations require various technologies in information, communication, operations, security and compliance, or two or more of these, the ability to see across the enterprise leads stakeholders to adjust their techniques and find ingenious ways to be more effective in their responsibilities and deliverables or production. Enterprise technology is not a term to be used where only a few specializations are involved and all of them still fall within the confines of information technology. IT may have been serving utility operations or energy generation for some time already, and yet stakeholders cannot see how to work hand in hand to increase their own efficiency and the output on which customers are very dependent. There are efforts, but they remain completely separate, and the result is greater concern about costs rather than the creation of value from the start, not just when profits begin to come in. If IT is not clearly used in such environmen
It is new and was published on 13 Feb 2010! This standard focuses on the critical aspects needed for the successful design and implementation of an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2005. It describes the processes of ISMS specification and design from inception to the production of implementation plans, describes the process of obtaining management approval to implement an ISMS, defines a project to implement an ISMS and provides guidance on how to plan the ISMS project, resulting in a final ISMS project implementation plan.
The ISMS or ISO/IEC 27000 family composition:
- 27000 is overview and vocabulary (can be downloaded for free);
- 27001 is requirements;
- 27002 is code of practice;
- 27004 is measurement;
- 27005 is IS risk management;
- 27006 is requirements for bodies providing audit and certification;
- 27011 is guidelines for the telecommunications industry.
The above are published documents and more from this family of standards are still in development stages.