One Article Review

Source: NoticeBored
Identifier: 2148846
Publication date: 2020-07-10 19:01:37 (viewed: 2021-01-06 20:37:57)
Title: NBlog July 11 - the small but perfectly formed ISMS
Text: Consulting lately for small organisations designing and implementing their ISO/IEC 27001 Information Security Management Systems, I often see resourcing constraints come to light, particularly the lack of in-house information security expertise and knowledge. I have previously taken this to indicate a lack of understanding, support and commitment from senior management, and insufficient priority relative to all the other important stuff going on, hence my abiding interest in elaborating on the business case for investing in information risk and security management.

Currently, though, I'm gaining a new-found appreciation of the realities of running a small business where even IT may be done on a shoestring, leaving information security way out on a limb. With barely enough cash-flow to sustain the business during COVID-19 and the obvious need to focus on core business activities, it's no surprise if ISO27k implementation and certification projects take a back seat for now.

That delaying tactic, however, leaves the business more exposed meanwhile, increasing the probability and impacts of incidents that should have been avoided, prevented or mitigated. It can lead to missed business opportunities and customer defections as they turn to certified competitors rather than waiting for the assurance an ISO/IEC 27001 compliance certificate would bring. It reduces trust and devalues brands. All in all, it's a risky approach.

Putting the ISMS implementation on hold is not the only option, however. With some creative thinking, it is possible to keep the project moving along, albeit at a slower pace:

A bare-bones minimalist ISMS, barely adequate to satisfy the standard's mandatory requirements, may not deliver all the business benefits of good practice information risk and security management ... but it is both certifiable and better than nothing.

A small but perfectly formed ISMS demonstrates the organisation's genuine commitment to information risk and security management, gaining the assurance value of the certificate to third parties without the investment necessary for a full-blown ISMS. Furthermore, it is a perfectly valid and sensible starting point, a platform or basis from which to mature the organisation's information risk and security management practices as and when it proves its value. It's a pragmatic approach. Being a pragmatist, I like that.

Partnering with consultants reduces the pressure on employees, demonstrates management's support (more than just the intention to resume the ISMS project 'at some point'), and keeps up the momentum. Based on our practical experience and knowledge of the standards, we can generally help clients navigate the process by the shortest and most direct route, perhaps making small diversions only where it makes business sense. Speaking for myself, I'm happy to regulate m
Tags: Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of an earlier one.