Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

enterprise security policy, ISMS

Posted on 2014-02-19
4
Medium Priority
?
506 Views
Last Modified: 2014-03-11
i was asked to deploy a  ISMS,although i`ve never done this before. if anyone has some templates ready,id be very grateful.
0
Comment
Question by:DukewillNukem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 39871947
What is ISMS ?? Need more details
0
 
LVL 65

Accepted Solution

by:
btan earned 1500 total points
ID: 39872069
i believe ISMS is referring to the ISO 2700x stuffs, meaning the information security mgmt system.

http://www.iso27001standard.com/en/free-downloads
http://www.iso27001security.com/
http://www.iso27001security.com/html/iso27k_toolkit.html

Below are useful resources you can tap to but note that the latest is ISO 27001:2013 instead of the 27001:2005. Organizations currently certified should not expect much difficulty in transitioning from the 2005 version to the 2013 version. So good to focus on 2013 instead..

Some question to ask oneself first..
a) How long does it take to implement ISO 27001 / BS 25999? @ http://blog.iso27001standard.com/2011/11/08/how-long-does-it-take-to-implement-iso-27001-bs-25999/

b) Do you really need a consultant for ISO 27001 / BS 25999 implementation?
http://blog.iso27001standard.com/2011/12/06/do-you-really-need-a-consultant-for-iso-27001-bs-25999-implementation/

The above is pretty nice article from a writer whom is quite experience and share tips in implementing and achieving the certification. Another is the differences on 2005 and 2013 version.

http://blog.iso27001standard.com/2013/01/28/a-first-look-at-the-new-iso-27001-2013-draft-version/ 

A big change here: these are not mentioned within some other requirements, but now there are separate clauses with very concrete rules. The rules are that you need to set clear objectives, you need to define who will measure them and when, and you need to define who should analyze and evaluate those results. Further, comprehensive plans need to be developed that will describe how the objectives will be achieved.

The biggest change is there are no preventive actions anymore, at least not at first sight – they are basically merged in risk assessment and treatment, where they naturally belong.

Note the new controls and those retired one ...

http://blog.iso27001standard.com/2013/02/11/main-changes-in-the-new-iso-27002-2013-draft-version/

naturally, controls from ISO 27001 Annex A cannot change without changing ISO 27002 because the essence of these two standards is to be aligned. Since the structure of ISO 27002 is completely aligned with controls from ISO 27001, all these changes are also valid for new ISO 27001 Annex A.
0
 

Author Comment

by:DukewillNukem
ID: 39920081
this looks good.does anyone have a template which i can directly use?
0
 
LVL 65

Expert Comment

by:btan
ID: 39920246
So far, no public template but the ISO document would already serves as general baseline to chart further customisation to your need and environment
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question