Friday, December 7, 2007

New Beginnings

Today marks the end of my first week with my new employer. I'm very excited about the group that I will be working with, and the challenges ahead.

Looking forward, an integrated management system is in the future, based on ISO 20000 and ISO 27001. Yet another expansion of the "Carlson System" as developed and taught by Tom Carlson, the Dalai Lama of ISMS.

The family is very happy to have me home, and I think that I am finally getting the travel lag behind me. I don't think that there has been a night this week where I've been awake past 9:00 PM...

I've lagged behind in posting online, but plan on picking up the pace as projects progress, to share the lessons learned.

Scott

Wednesday, August 1, 2007


This is a picture of St. Basil's Cathedral, from the Spring ISO JTC1/SC27 meeting.
More pictures to come, including those from Africa.

Friday, July 20, 2007

ISO 27002 renaming - the real scoop

OK, so there has been discussion lately about the renaming of ISO 17799 to ISO 27002, and what the changes have really meant.

The only change is the addition of a Technical Corrigendum to the original ISO 17799:2005 document.

While ISO doesn't charge for the Technical Corrigendum, they will sell the original ISO 17799:2005 as ISO 27002:2007.

Why? The answer may be frustrating to some of you, but here it is:

ISO will not change the actual body of the document until it undergoes the scheduled review cycle, which begins in 2008. A Technical Corrigendum usually means that changes are made to a document to correct a blatant wording or technical problem. Sometimes they are used as a means to update a document outside the review cycle, but this is done rarely.

Is this deceptive? It is certainly not meant to be so. This is just another example of how bureaucracy works, and ISO has very structured rules on how things are accomplished.

If you have ordered ISO 27002:2007 thinking that you were getting an entirely new document, and you already own ISO 17799:2005, I would encourage you to contact them for a refund.

Another alternative, by the way, is to look to National Bodies such as ANSI to see what their pricing is on their electronic stores. There are multiple delivery mechanisms out there to purchase these standards.

Don't look for the actual document to be changed to reflect ISO 27002 until well after 2008, when the review cycle is done.

Oh, and for those of you who haven't seen why the changeover occurred: it is to bring the standards into alignment with the 27000 series of standards.

If you have any questions or comments, please feel free to let me know.

Scott

Sunday, April 29, 2007

TAG

TAG stands for Technical Action Group. These are the groups responsible for assisting in the performance of standards development.

Thursday, April 19, 2007

Welcome to my Blog

Welcome to my first Blog...

ISMS is a passion for me, and I'd like to have a spot to keep people informed as to what is going on with the ISMS standards that are in place and under development. I also plan on using this to post my thoughts and observations regarding these standards.

Several years ago, I utilized ISO 27001 and ISO 17799 at my past employer to develop, implement, and certify an Information Security program. Since then, I've dedicated part of my time to working on standards development.

Right now, that means being involved with the process as the U.S. International Representative to ISO JTC1/SC27 for ANSI/INCITS CS/1, which is the TAG in the U.S. that does this work.

But for now, time is short between airplanes and I'll have to pick that up on my next post.

Scott