From CSO online:
Would you really have eaten your peas at age 4 if your mama didn’t make you? Funny thing is, despite the fact that they are boring but good for you, the ISO standards may now be turning into the sleeper hits of the season.
Nobody is jumping up and down and waving their arms about it. But quietly, the standards finally seem to be taking off not only in the United Kingdom, their homeland, but in the United States as well. And it’s looking like a smart idea. Since my cover story on PCI compliance ran last month, I’ve heard from a couple CISOs who maintain that PCI compliance was a cinch–because they already followed ISO 17799 or 2700.
[tags]ISO 2700, Compliance, Security Policy[/tags]
I’ve been jumping up and down and waving my arms about this for over ten years!
ISO 2700 is a new one on me, but assuming this means the ISO27000 series, 27000 – 27008, only 2 of them are actually ratified by ISO: 27000 and 27001. The rest are still only proposals as far as I’m aware.
ISO17799 has been around for donkey’s years in various forms, and it has changed regularly. It came from BS7799 created in 1995, which became ISO17799 in 2000, then split into ISO17799-1 and -2, the systems standard and the systems management standard.
This is why everyone loves it, it’s like a clear version of PCI DSS, one for techies and one for management, and never the twain shall meet. Oh yeah, ISO17799-2 became ISO27001 back in 2005.
The constant input and update is what makes it a good security standard which actually provides security rather than other standards which demand compliance.
You certainly can’t stay asleep if you want to remain compliant with ISO27001.
“ISO 2700” and the text was actually a direct quote from the CSO article.
Thanks for your comment!
Yep, I just Googled it and found it straight away. If you type “ISO 2700” into Google, the first few links are to the article you quote and one is to this blog.
If you want to show up in the right searches, you could correct the error and tag it with the correct “ISO27000” and/or “ISO27001”.
I wasn’t going for that. If you notice all of the postings like that will have “Article Link” at the bottom. I always reference my quotes that way.
As for Google…not overly concerned with that particular posting. Thanks for the feedback nonetheless.
cheers