One Article Review

Home - The article:
Source NoticeBored
Identifier 409099
Publication date 2017-08-20 08:05:50 (viewed: 2017-08-20 08:05:50)
Title NBlog August 20 - FREE ISO27k audit guideline
Text Over the last few weeks, I've been busy with a virtual team of volunteers updating an ISMS audit guideline written prior to the 2011 release of the ISO/IEC standards 27007 (Guidelines for information security management systems auditing) and 27008 (Guidelines for auditors on information security controls). One of our goals at the time was to contribute to the development of the standards. Meantime, not only have those two standards been published, but ISO/IEC 27001 and 27002 have also been updated ... so there was a lot of updating to do.

Our guideline is aimed at internal auditors, specifically IT auditors tasked with auditing either: the management system parts of an Information Security Management System; or the information security controls being managed by the ISMS.

In ISO27k, the management system is a combined governance and management framework - a structured approach similar to those for managing quality assurance, environmental protection and more. Auditing it is fairly straightforward because 27001 is quite explicit about what it should be. The guideline goes beyond certification auditing, though. Even if the ISMS fulfills the requirements of the standard, it may not satisfy the organization's needs.
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.