Monday 5 March 2018

Fiftieth ISO27k standard published

I've completed the revision of www.ISO27001security.com, bringing the site up to date with the status of all the ISO27k information security management standards.

There are currently some 50 published ISO27k standards, by my count, with a further 12 or so in development.

Way down in the weeds, there are several inconsistencies and issues within individual standards, and some gaps in the coverage. Overall, though, the standards do a pretty good job of promoting a systematic approach to information risk management (without using that specific term!).

ISO/IEC standards cost about US$150 each so a full set of 50 would set you back about US$7,000 - a non-trivial amount. I've argued for years that the ISO27k standards should be free to encourage global adoption of good security practices for the benefit of society at large ... but so far only two of the set are free, and worse still it takes a determined hunter to find them since the standards bodies and commercial outlets would much rather make money.

Talking of which, we will soon be hosting advertisements on the site, courtesy of Google, in order to defray our costs. It's time to stop jangling the begging bowl and look after our interests in order to keep the site going. I just hope the ads aren't too intrusive and earn us enough to pay for the hosting and administration. It would be great to redevelop the site to improve the design, especially for all our pixel-constrained mobile-phone-using visitors, but somehow I doubt there will be enough in the coffers for that.
