Standards Policy Security

Information, books, tools and training for developing and implementing an information security management system in line with the international best-practice specification ISO/IEC 27001.


See Also:
  • The SoGP - Information on the Standard of Good Practice for Information Security, which is published by the ISF and addresses information security standards from a business perspective.
  • ISO/IEC 27002:2005 Information Technology - Code of Practice for Information Security Management - ISO site outlines the contents of the standard.
  • BITS Financial Services Roundtable - Security assessment questionnaire and review process based on ISO/IEC 27002 (access requires free registration). Also information on the overlaps between ISO/IEC 27002, PCI-DSS 1.1 and COBIT.
  • Common Criteria - Provides the Common Criteria for Information Technology Security Evaluation, also published as ISO/IEC 15408.
  • IT Governance Limited - Information, books, tools and training for developing and implementing an information security management system in line with the international best-practice specification ISO/IEC 27001.
  • NERC Reliability Standards - Information on the development of cyber and information security standards with emphasis on reliability.
  • Yahoo! Groups ISO17799security - Mailing list to share knowledge about Information Security Management Systems based on the ISO/IEC 27000-series standards.
  • ISO 27001 Security - Information about the ISO/IEC 27000-series information security standards and other related standards, with discussion forum and FAQ.
  • Overview of Information Security Standards - Report by the Government of the Hong Kong Special Administrative Region outlines the ISO/IEC 27000-series standards plus related standards, regulations etc. including PCI-DSS, COBIT, ITIL/ISO 20000, FISMA, SOX and HIPAA. [PDF]
  • The Security Practitioner - The ISO 27001 Perspective: An Introduction to Information Security is a guide to ISO/IEC 27001 and 27002 in the form of an HTML help file.
  • Orange Parachute - An information security and integrated systems management consultancy specializing in ISO/IEC 27001 certification, audits, assessments and training.
  • Praxiom Research Group Ltd. - Plain English descriptions of ISO/IEC 27001, 27002 and other standards, including a list of the controls.
  • Yahoo! Groups iso-27001 - Discussion forum for ISO/IEC 27001 and 27002
  • ISO/IEC 27001 Frequently Asked Questions - FAQ covers the basics of ISO/IEC 27001, the ISO/IEC standard Specification for an Information Security Management System.
  • Wikipedia: ISO/IEC 27000-series - Open encyclopedia entry for the ISO/IEC 27000 family of information security management system standards.
  • NIST Special Publication 800-53 - Recommended Security Controls for Federal Information Systems has a similar scope to ISO/IEC 27002 and cross-references the standard. [PDF]
  • ISO 27001 Certificates - List of organizations certified against ISO/IEC 27001 or equivalent national standards, maintained by the ISMS International User Group based on inputs from all the certification bodies.
  • Information Governance Limited - Supplier of Proteus Enterprise security risk management software for compliance with ISO/IEC 17799 and related information security, risk management and IT governance standards.
  • ISO/IEC 27002 Explained - Information on ISO/IEC 27001 and 27002 from BERR, the UK government department for Business Enterprise and Regulatory Reform (formerly the DTI, the Department of Trade and Industry).
  • The ISO 27000 Directory - Information covering the ISO/IEC 27000 series of standards, including updates and consultants directory.
  • ISO27k Implementers' Forum - Google Groups forum for those actively implementing the ISO/IEC 27000-series standards. Membership required for viewing content.
  • Veridion - ISO/IEC 27001 and 27002 training courses including Lead Auditor and Lead Implementer, plus other information security, risk management and business continuity courses on BS 25999, CISSP, CISA, CISM, MEHARI and OCTAVE.
  • ISO 27000 Toolkit - Package containing the ISO/IEC 27001 and 27002 standards plus supporting materials such as policies and a glossary.
