ISO 27001 is out. Should you care? Well...

by Anton Chuvakin

ISO has finally come out with "Information Security Management Systems Requirements" or ISO/IEC 27001:2005. It "defines an Information Security Management System, creating a framework for the design, implementation, management and maintenance of IS processes throughout an organization." The linked blurb also explains how this new 27001 standard relates to the old 17799 standard.

So what? My point exactly! :-)


2005-10-21 10:34:11
You really are clueless, aren't you? If you cannot see why standards are beneficial, and why a security management standard will have significant implications, it isn't my job to educate you.

I sigh heavily and shake my head.

2005-10-24 08:09:36
While I swore to never call another person names on a public forum, I was tempted to make an exception in this case :-)

In any case, it is *obvious* that standards are a good thing for security! I believe in this so much that I am actually heavily involved in at least two important standard efforts (OVAL and CVSS).

Standards, however, tend to bring the most benefits when they are - surprise! :-) - adopted for real-world use. First, I have to admit not having first-hand experience implementing ISO17799 in a large organization. However, from what I hear from people who do, adoption is a bit of a problem for this one.

*This* is the sole reason for my skepticism, expressed in the blog entry. ISO17799 and the new 27001 might be fun documents to read and learn from, but I suspect they will not impact the world in the short term...

2005-10-24 12:44:11
"from what I hear from"

Indeed. Perhaps you should "hear from" people outside your own circle Mr Right.

Inadmissible in any court, and pretty much a written confession of no first-hand experience on a blog.

Again, I sigh and shake my head.