Posts

Showing posts from February, 2012

ISO27k standards development - there has to be a better way

From time to time I update ISO27001security.com with news on the ISO/IEC 27000 standards, including information from the meetings of ISO/IEC JTC 1/SC 27. Having contemplated the rate of progress on the updates to ISO/IEC 27001 and 27002, I feel the need to comment in general terms about the ISO/IEC process for developing and publishing standards. Firstly, the process is convoluted and slow - so slow, in fact, that it may be outpaced by rapid technological change (developing cloud security standards being a topical example, let alone something such as BYOD). On the other hand, one of the key benefits of standards is to bring stability and order to the rather chaotic world around us. It certainly helps to form a broad international consensus on the terms and concepts we use, and that in turn facilitates a common understanding of the complex issues we face. Standards such as ISO/IEC 27000 are extremely valuable in formally defining terms that are bandied about yet o...

BYOD awareness activity

A creative university research project suggests the possibility of a security awareness exercise associated with BYOD and laptop security: why not offer a bounty for laptops and other ICT devices "stolen" from their owners in the office and delivered to the Information Security Manager this Friday? The bounty might usefully reflect the value of the information on the device. If nothing else, the stunt will raise awareness of the physical security risks associated with portable IT devices - which sounds like A Good Thing from my perspective! Best let Site Security know this is happening in advance. As to whether they are encouraged to try to prevent the 'thefts' or not, that's your call.

BYOD security awareness - follow up

Having just released a brand new security awareness module on BYOD (Bring Your Own Device), we have been surprised (in a nice way!) by the level of interest this topic has generated for us, more so than, say, the cloud computing security awareness module we put out last April. I've been pondering what's going on here. What's so special about BYOD? What makes BYOD security awareness sexier than cloud computing security awareness? First off, BYOD is quite new. The concept has been around for a while, but as soon as it picked up the BYOD tag and started appearing in the computer press about a year ago, it started to buzz. In other words, it's a hot topic. Well OK, but so is (and was, last April) cloud computing, so hotness alone is not enough to account for the differing levels of interest in these topics. Strike one. Second, "BYOD" is a distinctive, easily-searched term, so our awareness materials got some instant Web exposure purely by dint of usi...