Warning: include_once(/home/antonaylward/InfoSecBlog/public/wp-content/plugins/wordpress-support/wordpress-support.php): failed to open stream: Permission denied in /home/antonaylward/InfoSecBlog/public/wp-settings.php on line 304

Warning: include_once(): Failed opening '/home/antonaylward/InfoSecBlog/public/wp-content/plugins/wordpress-support/wordpress-support.php' for inclusion (include_path='.:/usr/local/lib/php:/usr/local/php5/lib/pear') in /home/antonaylward/InfoSecBlog/public/wp-settings.php on line 304
FOSS « The InfoSec Blog
The InfoSec Blog

Control objectives – Why they are important

Posted by Anton Aylward

http://blog.iso27001standard.com/2012/04/10/iso-27001-control-objectives-why-are-they-important/

Let us leave aside the poor blog layout, Dejan's picture 'above the fold' taking up to much screen real estate. In actuality he's not that ego-driven.

What's important in this article is the issue of making OBJECTIVES clear and and communicating (i.e. putting them in your Statement of Objective, what ISO27K calls the SoA) and keeping them up to date.

Dejan Kosutic uses ISO27K to make the point that there are high level objectives, what might be called strategy[1], and the low level objectives[2]. Call that the tactical or the operational level. Differentiating between the two is important. They should not be confused. The high level, the POLICY OBJECTIVES should be the driver.

Yes there may be a lot of fiddly-bits of technology and the need for the geeks to operate it at the lower level. And if you don't get the lower level right to an adequate degree, you are not meeting the higher objectives.

Open source and commercial support

Posted by antonaylward

In a discussion of Open Source vs Closed Source/Commercial ...

Voice 1: Maybe because they're not customers? (in the paying for a service sense)
Voice 2: Well, I don't understand that model. I expect to pay for code that someone writes because otherwise I cannot expect someone to stand by the stuff when it doesn't work.

Ironically I've never found that to be the case.

The stuff I pay for, cable service, hosting; and the stuff I use that someone else pays for (i.e the people I work for), commercial hardware, software and service; are the other way round to what you might think.

The support sucks!