One Article Review

The article:
Source NoticeBored
Identifier 457119
Publication date 2018-01-10 10:47:49 (seen: 2018-01-10 10:47:49)
Title NBlog January 10 - archives come in pairs
Text The NoticeBored security awareness program moves on to the next topic for February: 'protecting information' is the working title, a deliberately vague term giving us plenty of latitude. Exactly what we will bring up, how we will raise and discuss things, the specific awareness messages we will be drawing out and so on is not determined at this point. It will become clear during January as we complete our prep-work and develop the awareness materials.

This morning, in connection with a discussion thread on the ISO27k Forum, I've been contemplating information risk management in a general sense by thinking through a situation, coming up with a specific example that draws out a much broader learning point.

Briefly setting the scene, the thread was started by someone asking whether it is really necessary under ISO/IEC 27001 to have a policy on risk-assessing valuable documents individually. We talked about grouping related assets together (such as 'Contents of cupboard 12') and controls (such as electronic backups) but the original poster circled back to the question of whether the ISO standard itself mandates a policy:

"I understood that I need to classify our assets according to their importancy and risk. But in general, would this cupboard-labeling method work according to ISO 27001 policies? For example, we have a lot of paperform documents in three cupboards and I would sort them all in some way, and make the cupboard lockable and label the cupboard according to the sorting and put the label into my inventory list. Would that violate any ISO 27001 policy?"

So this morning, I wrote this ...

. . . o o o O O O o o o . . .

Here's an important information security control that, as far as I
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to be a pick-up of an earlier one.