One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 2148845 |
| Date de publication | 2020-09-04 14:22:25 (vue: 2021-01-06 20:37:57) |
| Titre | NBlog July 15 - ISO27k ISMS products |
| Texte |  Having drafted a generic requirement specification for systems supporting an ISO27k ISMS, I'm slowly trawling the Web for products in the hope of finding apps, templates and services that we would be willing to use ourselves and recommend to our consulting clients.So far I've found about 20 commercial or open-source ISMS systems plus maybe twice that number of risk management systems, plus quite a variety of more focused systems supporting incident management, business continuity, vulnerability management, patch management etc. It's a confusing, sprawling and dynamic market … so I'm also working on a structured evaluation process that will help us pick out gems from the stones on offer, depending on our own and our clients' specific needs.Along the way, I've picked up murmurings of discontent from customers saddled with low-quality content supplied with some ISO27k ISMS systems and toolkits. Aside from variation between the products, could it be, I wonder, that some of the products currently on offer are inadequate because customers vary so much in size, complexity, maturity etc. having different expectations or requirements? Could this be a side-effect of ISO27k's intended application to all organizations, resulting it being jack-of-all-trades and master-of-none? We could develop generic content specifically targeting particular market segments or types of organisation ... but instead we've started with the basics that every ISO27k ISMS needs with the intention of offering optional add-ons, giving customers more choice. One of those options is to develop custom materials and support individual customers to implement and optimise their ISMSs using appropriate systems/tools, provided we can convince management of the value of our consultancy services - and that's a tough sell, especially during COVID-19. Doing it all in-house may be a viable option if the organisation has the people with the requisite skills, competencies, knowledge and experience. That seems unlikely if there is no ISMS already in place - catch 22. There's also the matter of the time needed for people to learn the ropes and get up to speed with the ISMS, given all the other things on the go: the longer things drift along, the more the organisation remains subject to information risks that may not be managed effectively.I'm working on other options too. More info to follow. Watch this space. |
| Envoyé | Oui |
| Condensat | one we about add all along already also application appropriate apps are aside basics because being between business but can catch choice clients commercial competencies complexity confusing consultancy consulting content continuity convince could covid currently custom customers depending develop different discontent doing drafted drift during dynamic effect effectively especially etc evaluation every expectations experience far finding focused follow found from gems generic get given giving go: has having help hope house implement inadequate incident individual info information instead intended intention isms ismss iso27k jack july knowledge learn longer low managed management market master materials matter maturity may maybe more much murmurings nblog needed needs none not number offer offering ons open optimise option optional options organisation organizations other ourselves out own particular patch people pick picked place plus process products provided quality quite recommend remains requirement requirements requisite resulting risk risks ropes saddled seems segments sell services side size skills slowly some source space specific specifically specification speed sprawling started stones structured subject supplied support supporting systems systems/tools targeting templates that there things those time too toolkits tough trades trawling twice types unlikely use using value variation variety vary viable vulnerability watch way web will willing wonder working would |
| Tags | Vulnerability |
| Stories | |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.