One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 4206047 |
| Date de publication | 2022-03-01 20:18:41 (vue: 2022-03-01 08:05:29) |
| Titre | Infomation security control attributes |
| Texte |  Today I completed and published a 20-page white paper about 'control attributes', inspired by those used in ISO/IEC 27002:2022The concept behind the paper has been quietly brewing for a couple of months or more, taking the past few weeks to crystallise into words in a form that I'm happy to share publicly.In a nutshell, 'attributes' are characteristics or features that can be used to categorise, sort or rank information security controls by various criteria. That simplistic concept turns out to unlock some powerful possibilities, described pragmatically in the paper. It's a more innovative and valuable technique than it may appear.Along the way, I regret inadvertently upsetting the team of JTC 1/SC 27 editors working on ISO/IEC 27028 by sharing an incomplete draft with them in the hope it might become the basis of the initial draft of the new standard. During a Zoom meeting. At 3:00am, NZ time. I wasn't at my best. Ooops.Anyway, now the paper is 'finished' and published, I'm hoping to prompt debate and insightful comments, gathering useful feedback and especially improvement suggestions from readers, leading in turn to a better document to submit (through the proper process, this time!) to the SC 27 project team. We may unfortunately have missed our opportunity to deliver a complete 'donor document' to use as the first working draft of the new standard but all is not lost. The paper's suggestions on how to use attributes will, I hope, make a substantial contribution to the second working draft, and in time inform the issued standard. It is published under a Creative Commons licence. Exposure, discussion and insightful comment is what I'm after so, in addition to this blog, I have notified the 4,500 members of the ISO27k Forum about the paper and released it to an unknown number of LinkeDinners.Care to join the gang? Download the paper here.Share and discuss it with your peers and colleagues.Rip it to shred |
| Envoyé | Oui |
| Condensat | during it the 1/sc 27002:2022the 27028 3:00am 500 about accompanying addition after all along angles anyway appear april are attributes basis become been behind best better blog boyo brewing but can care categorise characteristics colleagues com comment comments commons complete completed concept contribution control controls couple creative criteria crystallise david day debate deliver described develop discuss discussion document donor download draft drop due editors email especially even every expand exposure features feedback find finished first form formal forum from gang gary@isect gathering happy has have here hope hoping how imagine improvement inadvertently incomplete infomation inform information initial innovative insightful inspired iso/iec iso27k issued join jtc last later leading licence linkedinners lost make may me: meeting members mid might milk missed month months more new not notified now number nutshell ooops opportunity out page paper past peers possibilities powerful pragmatically process project prompt proper proposal ps publicly published quietly rank readers regret released rip second security share sharing shreds simplistic some sort standard submit substantial suggestions taking team technique than them then those through time today turn turns under unfortunately unknown unlock upsetting use used useful valuable value various voting wasn way ways weeks what white will words working your zoom |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.