One Article Review

Source NoticeBored
Identifier 5422140
Publication date 2022-06-28 08:29:13 (seen: 2022-06-27 21:05:36)
Title The business context for information risk and security
Text Although the organisational/business context is clearly relevant and important to information risk and security management, it is tricky to describe. In my opinion, clause 4 of ISO/IEC 27001 is so succinct that it leaves readers perplexed as to what 'context' even means. It stops short of explaining how to determine and make use of various 'internal and external issues' in an Information Security Management System. So, to help clients, I wrote and released a pragmatic 5-page management guideline on this for the SecAware ISMS toolkit, expanding on this neat little summary diagram:

With about a thousand words of explanation and pragmatic advice, the guideline has roughly ten times as many words as clauses 4.1 and 4.2 ... or twenty times if you accept that the picture is worth a thousand words. It was written independently of, and complements, ISO/IEC 27003's advice in this area.

Although I am happy with the SecAware ISMS toolkit materials as they are, I'm always looking for improvement opportunities, ways to add more value for clients. I'm currently working on, or at least thinking about:

- A set of fundamental information risk and security principles;
- A guideline on the Risk Treatment Plan and Statement of Applicability;
- Something on security engineering.
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.