ISMS - A new paradigm for ISO 27001 Annex A 2011-02-07
Abstract: A discussion of how advantage can be taken of the ongoing (February 2011) review of ISO/IEC 27001
to emphasise the ability to select information security controls from any source, not exclusively Annex A, and how to change the way Annex A is used,
so that it becomes a basis for checking the areas in which controls are required, rather than a set of explicit controls.
ISMS - Fast-Track ISMS Implementation & Certification 2006-02
Abstract: How a company developed a method for shortening the development times
for an ISMS which has been successfully applied around the world and from which Zygma's clients
Policy, regulatory and standards conformity through an ISMS 2006-09
Abstract: A model for how to use an ISMS to encompass and demonstrate conformity
to other policy, regulation and standards which an organization is required or chooses to observe.
The paper develops a four-layer approach to mapping other reference sources into the ISMS model,
using the resultant Statement of Applicability to show which controls map to those other sources.
It then describes a process for establishing the relationships between the ISMS and other
ISMS - a comparison of HIPAA and the ISO/IEC 27000 series of standards 2005-12
Abstract: A comparison between the HIPAA Security Standards clauses and the ISO/IEC 27001
management system requirements and ISO/IEC 27002 code of practice which makes a
comprehensive mapping demonstrating that the basic ISMS controls cover more than 90% of the
HIPAA Security Standards needs and (in the full paper) providing an Extended Control Set which
describes additional controls and implementation guidance which entities subject to the Security
Standards should adopt to implement an ISMS which can be used to manage and demonstrate
their HIPAA Security Standards compliance.
For details of how to have access to and apply the full paper, contact us.
FISMA & ISMS Alignment 2006-12
Abstract: The US Federal Information Security Management Act (2002) requires Federal executive departments and agencies to put in place
a comprehensive information security management programme. This programme extends to contractors and suppliers where their services are pertinent in the context
of risk. The FISMA Implementation Project has been created to support the implementation of FISMA. Its Phase I, now virtually complete, has established a
revised standard (NIST SP 800-53 Revision 1) which guides Federal entities in their implementation of FISMA. Phase II of the Implementation Project is to establish
a means for accrediting (credentialling) those organizations which will perform assessments. This paper puts forward a case for aligning the FISMA processes with
the international ISMS framework processes, and promotes such an alignment as a means to reduce overall costs and enhance overall efficiency of information security
The Melton Mowbray Assessment 2006-09
Abstract: A 'special' report on pie tasting produced by one slightly daft ISMS expert following a rather strange request
from another equally daft ISMS expert. This is unlikely to edify too much, at least in the context of ISMSs, but it may entertain.
Obituarial note: Willie List, who features in this paper, passed away in November 2007. He was a friend and mentor to me. His character combined a degree
of eccentricity, gruffness and a no-nonsense attitude with a passion for his profession and a sense of fun. One of my memories is of a couple of pints with
him at his local, on a sunny late April day, 2007 - as it turned out, our last time together. He was in good form. Another was a lengthy (hands-free) phone
conversation I had with him whilst I was driving. It was all about what was wrong with a certain institutional UK infosec body, and our discussion took me
most of the way from Stratford-upon-Avon to the M4/M11 junction!! He was his usual self. He derived much amusement from our lunch and this paper. RIP, Willie.