August 25, 2013 The Truth About Best Practices An article on Linked entitled ‘The Truth about Practices” started a discussion thread with some of my colleagues. The most pertinent comment came from…
May 30, 2013 Confusion over Physical Assets, Information Assets in ISO-27000 I often explain that Information Security focuses on Information Assets. Some day, on the corporate balance sheet, there will be an entry which reads,…
May 14, 2013 Does ISO 27001 compliance need a data leakage prevention policy? On one of the ISO-27000 lists I subscribe to I commented that one should have a policy to determine the need for and the…
March 26, 2013 What is the goal behind calculating assets in ISO-27000? My friend and colleague Gary Hinson said about asset valuation in ISO-27000 So, for instance, it’s hard to say exactly how much the HR…
March 31, 2012 Help on ISO-27000 SoA This kind of question keeps coming up, many people are unclear about the Statement of Applicability on ISO-27000. The SoA should outline the measures…