Philosophical phriday - ISO27k in a nutshell
Inspired by these pizza baking instructions, I thought I'd have a go at condensing an entire ISO/IEC 27001 implementation project to its absolute fundamentals. So here goes ...
ISMS BAKING INSTRUCTIONS
FOR BEST RESULTS,
KEEP IT SIMPLE
------------------------------------------------------------------------------
1. Study ISO/IEC 27001 to understand what's involved.
2. Inform and entice management to whet their appetite.
3. Do precisely what '27001 says, no more, no less.
4. Systematically address the organisation's information risks.
5. Keep management engaged by demonstrating progress.
------------------------------------------------------------------------------
NOTE: the ISMS needs time to bake fully before certification.
Don't rush this or results may be disappointing.
Information risks vary. You will need to
adjust your security controls accordingly.
CAUTION: ISMS WILL GROW
MORE VALUABLE OVER TIME
MORE VALUABLE OVER TIME