ISO 27000 nit #3. I had to stare at this for several minutes to try to figure out what "enhancing societal values" was doing in this list. IMO the meaning of all the other list items it clear, but that one's clear as mud. I _think_ what they're trying to get at is improving the security culture within the organization being managed, but honestly, that's just a guess, I'm not even certain that's what they mean.
#infosec #compliance #ISO #ISO27000 #standards #isms

ISO 27000 nit #2: The definition of "risk" provided here, "effect of uncertainty on objectives," is dumb, obscure, unhelpful, bureaucratic gobbledygook. It in no way resembles the dictionary definition of risk, which much more closely approximates what I think of when I use the word risk or see it used in an information security concept. I am challenged to understand why they chose this nonsense definition and what they hope to achieve by it.
#infosec #compliance #ISO #ISO27000 #standards #isms

I am reviewing ISO 27000, as one does for shits and giggles, and I am curious about the motivation behind making "interested party" the preferred term while "stakeholder" is allowed but not preferred.
In the contexts in which I see stakeholder used, I believe it is a more accurate term than "interested party." Preferring the latter term IMO obfuscates meaning rather than clarifying it.
#infosec #compliance #ISO #ISO27000 #standards #isms

Buenos días!

#iso27000 #linux #agilidad #gestiondeproyectos

#Informationssicherheitssysteme und #ISO27000er-Familie
1:25 Std.

#Informationssicherheitsmanagementsystem (#ISMS) - #PDCA-Zyklus

ISO/ #IEC27000er-Normenreihe
- Begriffs-, Anforderungs- und #LeitfadenNormen
- #Phasenmodell für ISMS-#Implementierung u. Betrieb aus #27001:2013 ableiten
- Neuerungen in ISO/IEC 27001:2022 und #ISO27002:2022

#informationssicherheitsmanagement #iso27000 #Informationssicherheit

Mit meinem Link ist #LinkedInLearning Kurs kostenlos. 
https://www.linkedin.com/posts/activity-7163581589052932096-X5AD?utm_source=share&utm_medium=member_android

#Implementierung u.Betrieb #ISMS auf Basis ISO/#IEC27001

#Rahmendokument #AssetRegister #Klassifizierung #Kennzeichnung

#Risikomanagement #ISO27005 
#Risikoidentifizierung #RiskAssessment
#Risikoanalyse #Schutzziele #Schadensindex #Eintrittswahrscheinlichkeit
#Risikobewertung #Risikowert
#Risikobehandlung #Risikobehandlungsplan #Restrisiko 
#Risikomanagementkonzept

#gelebtesISMS #Sensibilisierung 
#SecurityAwareness

#Informationssicherheitsmanagement #ISO27000

https://www.linkedin.com/posts/activity-7145089482592092160-QACx?utm_source=share&utm_medium=member_android

Nätfiskare kan kombinera två attack­metoder för att skapa riktigt vilse­ledande länkar. Firefox är den enda webbläsaren som åtminstone skyddar delvis. Vi förklarar problemet och berättar vad som bör göras åt det.

https://nikkasystems.com/2023/05/22/webblasare-tillater-uppenbar-natfiskemetod/

#blisäker #nätfiske #phishing #chrome #firefox #edge #safari #cisv8 #iso27000

I #crochet lapghans while watching #compliance webinars about how much #ISO27000 2022 is going to be a nightmare for me!

Half-a-dozen learning points from a '27001 certification announcement - This morning I bumped into a marketing/promotional piece announcing PageProof’s ce... http://blog.noticebored.com/2022/07/half-dozen-learning-points-from-27001.html #confidentiality #availability #bestpractice #compliance #governance #assurance #integrity #iso27000 #strategy #infosec #metrics #impact

Risk management trumps checklist security - While arguably better than nothing at all, an unstructured approach to the manage... http://blog.noticebored.com/2022/07/risk-management-trumps-checklist.html #bestpractice #compliance #governance #iso27000 #infosec #risk

ISO management systems assurance - In the context of the ISO management systems standards, the internal audit process... http://blog.noticebored.com/2022/07/iso-management-systems-assurance.html #assurance #iso27000

Skyscraper of cards - Having put it off for far too long, I'm belatedly trying to catch up with some sta... http://blog.noticebored.com/2022/07/skyscraper-of-cards.html #authentication #bestpractice #innovation #assurance #incidents #integrity #iso27000 #physical #hacking #infosec #malware #network #crypto #impact #safety #cloud #cyber #risk #iot #it

The discomfort zone -  Compliance is a concern that pops up repeatedly on the ISO27k Forum, just this  m... http://blog.noticebored.com/2022/07/the-discomfort-zone.html #accountability #relationships #bestpractice #compliance #governance #awareness #forensics #integrity #iso27000 #secaware #strategy #privacy #impact #policy #fraud #tools #risk #law

Standards development - a tough, risky business - News emerged during June of likely further delays to the publication of the third ... http://blog.noticebored.com/2022/07/standards-development-tough-risky.html #relationships #bestpractice #development #compliance #governance #innovation #resilience #assurance #awareness #integrity #iso27000 #strategy #culture #infosec #change #audit #cyber #risk

What are "information assets"? - Control 5.9 in ISO/IEC 27002:2022 recommends an inventory of information assets th... http://blog.noticebored.com/2022/06/what-are-information-assets.html #bestpractice #compliance #iso27000 #secaware #control #infosec #tools

Authorised exemptions - Inspired by an exchange on the ISO27k Forum yesterday morning, I wrote and publish... http://blog.noticebored.com/2022/06/authorised-exemptions.html #accountability #bestpractice #enforcingpol #compliance #innovation #assurance #awareness #incidents #integrity #iso27000 #strategy #control #infosec #policy #tools #risk

The business context for information risk and security - Although the organisational/business context is clearly relevant and important to... http://blog.noticebored.com/2022/06/the-business-context-for-information.html #relationships #bestpractice #compliance #governance #iso27000 #outsider #secaware #strategy #culture #infosec #insider #tools #risk

The sadly neglected Risk Treatment Plan -  For some curious reason, the Statement of Applicability steals the limelight in t... http://blog.noticebored.com/2022/06/the-sadly-neglected-risk-treatment-plan.html #accountability #bestpractice #compliance #governance #innovation #assurance #iso27000 #secaware #strategy #control #infosec #audit #tools #risk

Infosec principles (Hinson tips) - Thinking about the principles underpinning information risk and security, here's a... http://blog.noticebored.com/2022/06/infosec-principles-hinson-tips.html #bestpractice #governance #innovation #resilience #awareness #incidents #iso27000 #strategy #control #infosec #tools #risk

WANTED: a set of infosec principles we can all agree on - The SecAware corporate information security policy template incorporates a set of ... http://blog.noticebored.com/2022/06/wanted-set-of-infosec-principles-we-can.html #bestpractice #compliance #governance #iso27000 #strategy #infosec #policy #tools #risk