The InfoSec Blog

Control objectives – Why they are important

Posted by Anton Aylward

http://blog.iso27001standard.com/2012/04/10/iso-27001-control-objectives-why-are-they-important/

Let us leave aside the poor blog layout, Dejan's picture 'above the fold' taking up to much screen real estate. In actuality he's not that ego-driven.

What's important in this article is the issue of making OBJECTIVES clear and and communicating (i.e. putting them in your Statement of Objective, what ISO27K calls the SoA) and keeping them up to date.

Dejan Kosutic uses ISO27K to make the point that there are high level objectives, what might be called strategy[1], and the low level objectives[2]. Call that the tactical or the operational level. Differentiating between the two is important. They should not be confused. The high level, the POLICY OBJECTIVES should be the driver.

Yes there may be a lot of fiddly-bits of technology and the need for the geeks to operate it at the lower level. And if you don't get the lower level right to an adequate degree, you are not meeting the higher objectives.

Tagged as: , , , , , , , , , , , , , , Continue reading

Open source and commercial support

Posted by antonaylward

In a discussion of Open Source vs Closed Source/Commercial ...

Voice 1: Maybe because they're not customers? (in the paying for a service sense)
Voice 2: Well, I don't understand that model. I expect to pay for code that someone writes because otherwise I cannot expect someone to stand by the stuff when it doesn't work.

Ironically I've never found that to be the case.

The stuff I pay for, cable service, hosting; and the stuff I use that someone else pays for (i.e the people I work for), commercial hardware, software and service; are the other way round to what you might think.

The support sucks!

Tagged as: , Continue reading
   

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity

Popular Pages

Categories

Archives

Calendar of Posts

July 2017
M T W T F S S
« Nov    
 12
3456789
10111213141516
17181920212223
24252627282930
31  

Meta

Security Links