One Article Review

The article:
Source NoticeBored
Identifier 4397299
Publication date 2022-04-05 17:31:41 (seen: 2022-04-05 06:05:31)
Title Infosec control attributes paper completed
Text Yesterday, I completed and published the white paper on information security control attributes. Today I drafted a set of comments on ISO/IEC JTC 1/SC 27's proposed Preliminary Work Item for ISO/IEC 27028, using content from the white paper to build a 'donor document' with fairly minor changes in accordance with ISO's required structure and format. It includes the following summary: "This document extends the concept of 'control attributes' introduced in ISO/IEC 27002:2022, discussing a wider variety of factors potentially worth bearing in mind when considering, selecting, designing, using and reviewing information security controls. Control attributes are a powerful and flexible tool for information security management purposes, a novel way to design, manage and improve an organisation's approach to mitigating unacceptable information risks, supplementing more traditional or conventional methods. The document includes pragmatic suggestions on how to make use of control attributes in the business context, with a worked example illustrating the approach." Once the comments are submitted, we must wait patiently to see how much of it (if any!) makes it through to the Working Draft, blended with inputs and comments from other committee members. Although it seems to take 'forever' to develop new standards, I'm hoping that the donor document will set the project off to a flying start. Meanwhile, I'm actively looking for opportunities for clients to start using control attributes as an integral part of their ISO27k information risk and security management activities - designing better, more relevant and meaningful security metrics for instance. If that or any other ideas in the paper catch your imagination, please comment below or email me (Gary@isect.com). I see a lot of potential business value in control attributes: how about you?
Sent Yes
Tags Tool


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.