One Article Review

Source: NoticeBored
Identifier: 2681635
Publication date: 2021-04-23 15:58:38 (viewed: 2021-04-23 05:05:20)
Title: KISS or optimise your ISO27k ISMS?
Text: From time to time, as we chat about scoping and designing Information Security Management Systems on the ISO27k Forum, someone naively suggests that we should Keep It Simple, Stupid. After all, an ISO27k ISMS is essentially just a structured, systematic approach to information risk management, isn't it? At face value, then, KISS makes sense. In practice, however, the factors that complicate matters for organizations designing, implementing and using their ISMSs include differences in:
- Business contexts: different organization sizes, structures, maturities, resources, experiences, resilience, adaptability, industries etc.;
- Types and significance of risks: different threats, vulnerabilities and impacts, different potential incidents of concern;
- Understandings of 'information', 'risk' and 'management' etc.: different goals/objectives, constraints and opportunities, even within a given organization/management team (and sometimes even within one person's head!);
- Perspectives: the bungee jumper, the bungee supplier and the onlookers have markedly different appreciations of the same risks;
- Ways of structuring things within the specifications of '27001, since individual managers and management teams have the latitude to approach things differently, making unique decisions based on their understandings,
Tags: Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of an earlier one.