Requirements for the standard

Proposed requirements for the standard

  • support accreditation and certification processes
  • provide guidance/hints to help production of "best practice" guides
  • provide ability for "self-certification"
  • provide the basis for tools - e.g. expert assistant
  • proposed standard should use a continuous quality improvement model or maturity model
  • the quality improvement model should be based on the PDCA approach used in ISO 27001 and ISO 9001
  • the "culture of security" should be based on the approach in the OECD document "OECD Guidelines for the Security of Information Systems and Networks"
  • the proposed standard should use a risk assessment approach rather than a fully mandated approach
  • the proposed standard should be explicitly "aligned" with a number of other ISO standards, such as ISO 9000

-- DavidGiaretta - 08 Feb 2007

-- ChrisRusbridge - 25 Jul 2007

Topic revision: r5 - 2007-07-25 - ChrisRusbridge