One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 480928 |
| Date de publication | 2018-02-14 12:59:46 (vue: 2018-02-14 12:59:46) |
| Titre | NBlog February 14 - IoT security & privacy standard |
| Texte | I've just added another new page to ISO27001security.com for ISO/IEC 27030, a standard now being developed for IoT security and privacy.I've been arguing for years that it would be appropriate, since they specify a risk-based approach to security management, for the ISO27k standards to specify the information risks they address. To that end, I've published a PIG (Probability Impact Graph) graphic from the NoticeBored security awareness module on IoT and BYOD, to set the ball rolling ... There seems little chance of persuading ISO/IEC to incorporate such a colorful image in the standard, unfortunately, but hopefully the analytical approach will at least prove useful for the project team busily drafting the new standard.On the web page I've described the red and amber zone IoT risks. I'm sure we could have an excellent discussion about those and other risks in the committee, except there is never enough time at the twice-yearly SC27 meetings to get far into the nitty-gritty of stuff like this. Instead I'll see whether I can raise any interest on the ISO27k Forum, perhaps feeding relevant content and creative suggestions to SC27 via formal comments submitted by NZ Standards - the tedious, antiquated, laborious, slow and expensive approach that we are presently lumbered with. It hardly seems worth the effort. |
| Envoyé | Oui |
| Condensat | 27030 about added address amber analytical another antiquated any approach appropriate are arguing awareness ball based been being busily but byod can chance colorful com comments committee content could creative described developed discussion drafting effort end enough excellent except expensive far february feeding formal forum get graph graphic from gritty hardly have hopefully image impact incorporate information instead interest iot iso/iec iso27001security iso27k just laborious least like little lumbered management meetings module nblog never new nitty noticebored now other page perhaps persuading pig presently privacy probability project prove published raise red relevant risk risks rolling sc27 security see seems set since slow specify standard standards stuff submitted such suggestions sure team tedious those time twice unfortunately useful web whether will worth would yearly years zone |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.