Juhani Anttila
Venture Knowledgist Quality Integration
Helsinki, Finland
www.QualityIntegration.biz


PITFALLS IN THE MANAGEMENT SYSTEM STANDARDIZATION FOR INFORMATION SECURITY

Abstract

The most important international management system standardization for information security consists of the ISO/IEC 27000 family of standards. In the autumn of 2013, brand new editions of the family's key standards, ISO/IEC 27001 and ISO/IEC 27002, were finalized. These standards reached a large consensus among the participating countries of the committee ISO/IEC JTC1 SC27, and they have been marketed strongly. However, a critical review reveals significant pitfalls in the standard texts, and hence possibly also in the implementation and use of the standards. These aspects are presented on the basis of an insider's knowledge. Standards are considered in the broad sense of standardization and their practical organizational implementation. The main focus is on the standard ISO/IEC 27001. Important details that are highlighted include the new harmonized structure of the standard and the realization of risk management in the standard. Problems are analyzed and recommendations proposed, particularly from the point of view of integration with the organization's business. New topics are also addressed to the information security research community.

[This topic was presented at the international CrIM workshop and winter school in Oulu, Finland in 2013]