Comments on: ISO 2700: Security Asleep?

By: Dave Lewis

Dave Lewis — Fri, 25 May 2007 18:15:33 +0000

I wasn’t going for that. If you notice all of the postings like that will have “Article Link” at the bottom. I always reference my quotes that way.

As for Google…not overly concerned with that particular posting. Thanks for the feedback nonetheless.

cheers

By: Rob Newby

Rob Newby — Fri, 25 May 2007 17:22:59 +0000

Yep, I just Googled it and found it straight away. If you type “ISO 2700″ into Google, the first few links are to the article you quote and one is to this blog.
If you want to show up in the right searches, you could correct the error and tag it with the correct “ISO27000″ and/or “ISO27001″.

By: Dave Lewis

Dave Lewis — Fri, 25 May 2007 16:25:14 +0000

“ISO 2700″ and the text was actually a direct quote from the CSO article.

Thanks for your comment!

By: Rob Newby

Rob Newby — Fri, 25 May 2007 15:29:05 +0000

I’ve been jumping up and down and waving my arms about this for over ten years!

ISO 2700 is a new one on me, but assuming this means the ISO27000 series, 27000 - 27008, only 2 of them are actually ratified by ISO: 27000 and 27001. The rest are still only proposals as far as I’m aware.

ISO17799 has been around for donkey’s years in various forms, and it has changed regularly. It came from BS7799 created in 1995, which became ISO17799 in 2000, then split into ISO17799-1 and -2, the systems standard and the systems management standard.

This is why everyone loves it, it’s like a clear version of PCI DSS, one for techies and one for management, and never the twain shall meet. Oh yeah, ISO17799-2 became ISO27001 back in 2005.

The constant input and update is what makes it a good security standard which actually provides security rather than other standards which demand compliance.

You certainly can’t stay asleep if you want to remain compliant with ISO27001.