On ISO 27001: much of my work now requires an understanding of this standard, the gold-plated standard for IT security. Well, I say gold-plated; more accurately, "reasonable endeavours". I believe that it will become an essential part of the defence to charges that one has failed to adequately protect data. Nothing new here yet!
Here are the links on the standard:
- http://www.iso27001security.com/index.html
- http://www.iso27001security.com/html/27002.html#Section12
- https://www.iso.org/standard/54534.html
- https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
- http://www.iso27001security.com/html/27002.html
- http://gender.govmu.org/English/Documents/activities/gender%20infsys/AnnexIX1302.pdf
- https://www.iso.org/obp/ui/#iso:std:iso-iec:27003:ed-2:v1:en
Today, I am focussing on Operations Security:
- http://iso27001guide.com/annex-a/operations-security/protection-from-malware/iso-27001-protection-from-malware/
And Application Security, looking at logging and monitoring:
- http://www.iso27001security.com/html/27034.html
- https://advisera.com/27001academy/blog/2015/11/23/logging-and-monitoring-according-to-iso-27001-a-12-4/