ISO27k is ...

... a cluster of international standards on information security management and related topics

... derived from British Standard BS 7799, itself based on an information security manual generously donated to the UK government's Department of Trade and Industry by the fuel company Shell International


... plotting sensible routes through dynamic, risky landscapes

... supported or complemented by other standards, methods, frameworks, approaches, models, concepts ...

... flexible enough to take account of new risks and controls
[inspired by Cristian F Celdeiro Estrada]

... "more a marketing tool than a method for establishing good security practices"
[source: Dr John Buchanan]

... a foundation, a platform, a basis on which to build

... proactively updated to track if not lead the field

... almost inevitably a few years behind the times

... the ISO/IEC 27000 family of standards

... performance and capacity management

... just one of many possible approaches

... complementary to other approaches

... a paper tiger unless implemented
[inspired by Dr Rizwan Ahmad]

... barely sufficient and unnecessary

... increasingly popular worldwide

... part of corporate management

... applicable to any organisation

... information risk management

... QA-checking infosec controls
[inspired by Tim Weil]

... about protecting information

... about security management

... related to quality assurance

... necessary but not sufficient

... gradually falling into place

... expectations management

... about information security

... relationship management

... part of risk management

... a mile wide, inches deep
[inspired by Tim Weil]

... about risk management

... part of IT management

... about security maturity

... merely a starting point

... about information risk

... related to governance

... decision management

... incident management

... controls management

... related to compliance

... plausible deniability

... all things to all men

... full of compromises

... about management

... hard to understand

... a set of objectives

... a wise investment

... about governance

... related to privacy

... Jack of all trades

... about assurance

... about mitigation

... difficult to apply

... a set of options

... useful guidance

... a stretch target

... straightforward

... comprehensive

... a cunning plan

... the foundation

... recommended

... about security

... related to risk

... accountability

... demonstrable

... cybersecurity

... good practice

... specifications

... about control

... due diligence

... a destination

... discretionary

... standardised

... teamworking

... best practice

... fundamental

... a framework

... an approach

... a distraction

... bad practice

... trustworthy

... progressive

... challenging

... mandatory

... a cash cow

... misleading

... systematic

... theoretical

... a platform

... integrated

... guidelines

... suggested

... expensive

... a strategy

... pragmatic

... disjointed

... advanced

... a journey

... academic

... simplistic

... a low bar

... guidance

... despised

... retarded

... due care

... essential

... red tape

... required

... evolving

... timeless

... admired

... optional

... doomed

... defined

... a basis

... trusted

... an end

... a start

... simple

... a map

... basic
