ISO 27005 – The differences Demystified

With my misadventure with Blogger done – I did not qualify to make easy money with Google Adsense 🙂 – I move the sole post from Blogger back to the trusted WordPress. Please ignore this if you have already read the previous post.

This post continues from http://practicalinfosec.wordpress.com/2013/02/11/the-path-to-iso-27005/. If you have not read that post,…

The path to ISO 27005

Long long ago, there was a standard called BS 7799. It came at a time when the Internet was just starting to become ubiquitous. It spoke in esoteric terms of identifying risks to your information. The simple townsfolk who decided to follow BS 7799 did not understand what it meant. Each person started interpreting the ‘identification…

Info-Sec Risk Management – Establishing Context

Talking about information security without mentioning risk management is like talking about literature without mentioning Shakespeare or philosophy without mentioning Socrates. While every info-sec professional worth his salt will know his threats from vulnerabilities, the actual designing of a risk management program in an organization is often neglected. Most organizations hire consultants to define a…