Welcome to the second edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to 17799 and related information security issues. The newsletter comprises a combination of inclusive articles and the identification of useful and topical sources on the web.
This edition covers:
The first edition of ISO17799 News prompted a number of questions related to resources to help achieve compliance or certification. The following have therefore been identified as leading players for the various topics:
SECURITY POLICIES (ISO17799 Section 3)
The quality of security policies is of fundamental importance, as is their scope and relationship with ISO17799. The RUsecure Information Security Policies are one of several sets of 'off the shelf' policies that can be obtained commercially.
However, they are distinctive not only because of their quality, but because they fully embrace ISO17799. In fact, they optionally cross reference the standard, creating assurance for anyone who seriously wishes to demonstrate compliance.
The policy set is shipped in MS-Word format, enabling full editing to meet individual corporate demands. More information on these policies can be obtained from: RUsecure Information Security Policies
DISASTER RECOVERY PLANNING (ISO 17799 Section 11)
Disaster recovery planning (or business continuity planning) is sometimes not fully embraced because it is seen as difficult or resource intensive. However, the recent trend is towards simplicity - to enable continuity planning to be grasped and implemented readily and easily.
The leading player in this trend is the BCP-Generator. This comprises of two components: a template for a plan and an interactive guide to help you populate it. Both are MS-Word driven, enabling full control and flexibility. If you already have a plan, and perhaps wish to audit it or audit your contingency arrangements, The Disaster Recovery Toolkit is of similar ilk.
Both these products are described at: The Disaster Recovery Shop
RISK ANALYSIS (ISO17799 - throughout the standard!)
There is little doubt about the most ISO17799 aligned, and indeed, the most well known risk analysis product - COBRA. COBRA provides a fully comprehensive risk analysis capability ("risk analysis made easy") as well as providing a front line ISO17799 compliance management function.
Information on risk analysis itself, and COBRA in particular, can be obtained from www.riskworld.net