Archive

Posts Tagged ‘ISO17799’

[Chinese] A metric and assessment indicator system for network information security (4): reading Andy's "Security Metrics"

May 8th, 2008

Frankly, before I asked the question on LinkedIn I had not done much study or research on security metric systems. After receiving everyone's enthusiastic guidance and responses, I increasingly realized that so many resources and so much information were already out there to draw on. After writing the previous three posts on security metric systems, I started reading Andy's "Security Metrics".

Andy's (Andrew Jaquith's) "Security Metrics" (Security Metrics: Replacing Fear, Uncertainty, and Doubt) is a good book. A few weeks ago I found the English PDF online, and a few days ago I bought the Chinese edition (Publishing House of Electronics Industry, December 2007). I have been on a business trip in Shenzhen these past two days and read the book on the road. Below are some brief comments that only touch on the main points.

BS7799, ISO17799, ISO27000 Series

October 19th, 2005

Referring to the post by Calvin on the 17799.com forum, the following information about BS7799 and related standards is summarized "as is":

  • ISO27001 is to be the replacement for BS7799-2 by the end of year 2005
  • ISO 17799:2005 will be renamed in year 2006 or 2007 as ISO/IEC 27002

A new standard in the BS7799 series:

  • "BS 7799-3:2005 – information security management systems – guidelines for information security risk management" is a new British Standard due for release in December 2005

The new ISO27000 series will have five parts:

  • ISO 27000 will formally define the specific technical vocabulary used in these standards;
  • ISO 27001 will be the ISO version of BS 7799-2, the certification standard (due for full release in November 2005, already available as a final draft);
  • ISO 27002 will be the renamed and updated version of ISO 17799:2005 (to be released in 2006 or 2007);
  • ISO 27003 will contain guidance for those implementing the ISO 27000-series standards;
  • ISO 27004 will be a new Information Security Management Metrics and Measurement standard to help measure the effectiveness of information security management system implementations (currently in draft);
  • ISO 27005 will be the ISO version of BS 7799-3.