One Article Review

The article:
Source NoticeBored
Identifier 1495747
Publication date 2019-11-19 20:20:14 (seen: 2020-01-03 15:00:04)
Title NBlog Nov 18 - enough is enough
Text Keeping ISO27k Information Security Management Systems tight, constrained within narrow scopes, avoiding unnecessary elaboration, seems an admirable objective. The advantages of ISMS simplicity include having less to design, implement, monitor, manage, maintain, review and audit. There's less to go wrong. The ISMS is more focused, a valuable business tool with a specific purpose rather than a costly overhead. All good. However, that doesn't necessarily mean that it is better to have fewer ISMS documents. In practice, simplifying ISMS documentation generally means combining docs or dispensing with any that are deemed irrelevant. That may not be the best approach for every organization, especially if it goes a step too far.

Take information security policies for example. Separate, smaller policy docs are easier to generate and maintain, {re}authorize and {re}circulate individually than a thick monolithic “policy manual”. It's easier for authors, authorisers and recipients to focus on the specific issue/s at hand. That's important from the governance, awareness and compliance perspective. At a basic level, what are the chances of people actually bothering to read the change management/version control/document history info then check out all the individual changes (many of which are relatively insignificant) when yet another policy manual update drops into their inbox? In practice, it ain't gonna happen, much to the chagrin of QA experts!

On the other hand, individual policies are necessarily interlinked, forming a governance mesh: substantial changes in one part can have a ripple effect across the rest, which means someone has the unenviable task of updating and maintaining the entire suite, keeping everything reasonably consistent. Having all the policies in one big document makes maintenance easier for the author/maintainer, but harder for change managers, authorisers and the intended audiences/users.
Sent Yes
Tags Tool


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.