
Security Forums


Why is it important to know about national and ...?

turbomen
Just Arrived


Joined: 09 Nov 2010
Posts: 0
Location: Hong Kong


Posted: Sat Nov 13, 2010 9:08 am    Post subject: Why is it important to know about national and ...?

Dear All,

Why is it important to know about national and international standards such as AS/NZS 31000 or AS/NZS 27001/27002?
AS/NZS 31000 Risk Management
AS/NZS 27001 & 27002 Security System Management

Cheers,
krugger
SF Mod


Joined: 08 Jun 2006
Posts: 16777209



Posted: Sat Nov 13, 2010 11:27 pm

In theory when you implement these standards your organization should have improved efficiency and security because every procedure was carefully created to work in perfect harmony with all other procedures. So all your departments will be able to work together, and as all procedures are followed the overall security of your network will improve.

In the real world the main advantage is that it is a requirement for working with certain organizations. The main problems are that your procedures are not actually followed by the workers, mainly because the procedures become obsolete faster than your procedure creation process can produce them. Also it generates tons and tons of reporting on stuff.

In theory I am all for implementing it, but so far I haven't found a good working implementation of it, in which the workers really see the benefit.

Coming back to your question, it is important to know about it because it will be something you will come across sooner or later, either as a consultant or as a manager.

You can also sell it for hundreds of thousands of dollars. It is almost a whole business branch.
Dezaxa
Forum Fanatic


Joined: 22 Mar 2007
Posts: 16777214



Posted: Mon Nov 15, 2010 3:57 pm

I would add the following:

1. You may be working for a company which is entering into a contract that involves sharing or managing data. The parties may decide to say that they will conform to the ISO 27000 standard as a shorthand way of specifying all the security requirements.
2. Your employer is likely to be subject to information security audits, either internal or external. Auditors often use 27000 as a way to structure their audits, so it will help you to be familiar with it.
3. If you work for a computer services company, you may want to certify your organisation against these standards, as a way to improve your competitive standing.
4. Even if you don't wish to pursue certification, organisations have legal obligations to protect confidential information, and in practice this often translates into being able to demonstrate that you follow accepted standards of good practice. 27000 is an important source of such standards.
All times are GMT + 2 Hours