In 2018: Zygma completed 25 years of continuous independent operations; drafted and edited Kantara's NIST SP 800-63 rev.3 IAL2/AAL2 Service Assessment Criteria; managed on behalf of a client the first SP 800-63 rev.3 service assessment (the service was the first to receive Kantara's "NIST 800-63 rev.3" Approval); performed three Kantara Service Assessments, each resulting in a Grant of Approval; and transitioned to operating as an S-Corporation.
ISMS - A new paradigm for ISO 27001 Annex A  2011-02-07
Abstract: A discussion of how advantage can be taken of the ongoing (February 2011) review of ISO/IEC 27001 to emphasise the ability to select information security controls from any source, not exclusively Annex A, and how to change the way Annex A is used, so that it becomes a basis for checking the areas in which controls are required rather than a set of explicit controls.
Download the paper (PDF)

ISMS - Fast-Track ISMS Implementation & Certification  2006-02
Abstract: How a company developed a method for shortening the development time for an ISMS, a method which has been successfully applied around the world and from which Zygma's clients can benefit.
Download the paper (PDF)

Policy, regulatory and standards conformity through an ISMS  2006-09
Abstract: A model for how to use an ISMS to encompass and demonstrate conformity to other policies, regulations and standards which an organization is required, or chooses, to observe. The paper develops a four-layer approach to mapping other reference sources into the ISMS model, using the resultant Statement of Applicability to show which controls map to those other sources. It then describes a process for establishing the relationships between the ISMS and other reference sources.
Download the paper (PDF)


ISMS - a comparison of HIPAA and the ISO/IEC 27000 series of standards  2005-12

Abstract: A comparison between the HIPAA Security Standards clauses and the ISO/IEC 27001 management system requirements and ISO/IEC 27002 code of practice. It makes a comprehensive mapping demonstrating that the basic ISMS controls cover more than 90% of the HIPAA Security Standards needs and (in the full paper) provides an Extended Control Set which describes additional controls and implementation guidance which entities subject to the Security Standards should adopt in order to implement an ISMS that can be used to manage and demonstrate their HIPAA Security Standards compliance.
Download the white paper (PDF). NB - this paper refers to the predecessor of ISO/IEC 27002, ISO/IEC 17799:2005.

For details of how to have access to and apply the full paper, contact us.


FISMA & ISMS Alignment  2006-12
Abstract: The US Federal Information Security Management Act (2002) requires Federal executive departments and agencies to put in place a comprehensive information security management programme. This programme extends to contractors and suppliers where their services are pertinent in the context of risk. The FISMA Implementation Project has been created to support the implementation of FISMA. Its Phase I, now virtually complete, has established a revised standard (NIST SP 800-53 Revision 1) which guides Federal entities in their implementation of FISMA. Phase II of the Implementation Project is to establish a means for accrediting (credentialling) those organizations which will perform assessments. This paper puts forward a case for aligning the FISMA processes with the international ISMS framework processes, and promotes such an alignment as a means to reduce overall costs and enhance the overall efficiency of information security management.
Download the paper (PDF)


The Melton Mowbray Assessment  2006-09
Abstract: A 'special' report on pie tasting produced by one slightly daft ISMS expert following a rather strange request from another equally daft ISMS expert. This is unlikely to edify much, at least in the context of ISMSs, but it may entertain.

Obituarial note: Willie List, who features in this paper, passed away in November 2007. He was a friend and mentor to me. His character combined a degree of eccentricity, gruffness and a no-nonsense attitude with a passion for his profession and a sense of fun. One of my memories is of a couple of pints with him at his local, on a sunny late April day, 2007 - as it turned out, our last time together. He was in good form. Another was a lengthy (hands-free) ’phone conversation I had with him whilst I was driving. It was all about what was wrong with a certain institutional UK infosec body, and our discussion took me most of the way from Stratford-upon-Avon to the M4/M11 junction!! He was his usual self. He derived much amusement from our lunch and this paper.   RIP, Willy.
Download the paper (PDF)


© 1993 - 2018 Zygma Incorporated. Telephone: +1 714 797 99 42. Email: Enquiries @
All Zygma services are provided in accordance with its Ethics Policy.
Note - if you are submitting an enquiry or expect to receive email from us, please ensure that your spam filtering will accept mail from the domain ''