One Article Review

Source NoticeBored
Identifier 5303407
Publication date 2022-06-21 11:28:45 (seen: 2022-06-21 00:05:55)
Title WANTED: a set of infosec principles we can all agree on
Text The SecAware corporate information security policy template incorporates a set of generic principles for information risk and security such as "Our Information Security Management System conforms to generally accepted good security practices as described in the ISO/IEC 27000-series information security standards." and "Information is a valuable business asset that must be protected against inappropriate activities or harm, yet exploited appropriately for the benefit of the organization." Despite being reasonably happy with the 7 principles I selected, I would prefer to base the policy on a generally-accepted set of infosec principles, akin to the OECD Privacy Principles first published with remarkable foresight way back in 1980. There are in fact several different sets of principles Out There, often incomplete and imprecisely stated. Different authors take different perspectives, emphasizing different aspects, and the contexts and purposes also differ. It will be an 'interesting' challenge for ISO/IEC JTC 1/SC 27 to tease out, elaborate on, fine-tune and hopefully reach consensus on a reasonably succinct, coherent, comprehensive set of generally-applicable 'concepts and principles' for the next edition of ISO/IEC 27000. I just hope the learned committee doesn't end up specifying a racehorse looking something like this ...
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.