Last week my blog poll was, “Is your organization planning to pursue ISO 27001 certification in 2007 or 2008?”
I asked this after reading an SC Magazine article that I recently blogged about, “Are the U.S. Numbers Planning For ISMS (ISO 27001) Certification Really At 80%?”
As I had indicated, based upon my many discussions with a very wide range of CISOs, I thought this number was way too high.
And now for the results of my *ADMITTEDLY UNSCIENTIFIC WEBPOLL*…drum roll, please; Thhuudddrrrrrrrrrrrrr…
Posts Tagged ‘policies and procedures’
The Pursuit…or Not…of ISO 27001/ISMS/BS7799 Certification
Tuesday, August 21st, 2007ISMS/ISO27001 Certification Poll…Ending Sunday
Friday, August 17th, 2007If you have not yet clicked a button on my poll regarding ISMS/ISO27001 certification (see right side of page and scroll down a little) please do so! I’m finding it interesting that a large portion (36%) of those who have clicked for the poll so far are not aware of the certification. This perhaps calls to question the folks at BSI who forecast that 80% of U.S. companies will be pursuing certification in the next couple of years.
See my original post for more information about it.
SMB PCI DSS Issues at the State Fair
Thursday, August 16th, 2007Yesterday I was at the Iowa State Fair literally all day; from 8am to around 8:30pm. Despite the 95 degree extremely humid weather it was such a fun day! The cloudy skies and nice breezes helped a lot. We didn’t get to probably half of the exhibits and activities. And I was *VERY* disappointed I didn’t see any of the at least 4 presidential hopefuls who were on the grounds; the place is so big I guess we were always in the wrong place at the right time.
U.S. Dept. of Homeland Security Makes 14 Privacy Impact Assessments Available
Wednesday, August 15th, 2007I am a huge proponent of privacy impact assessments (PIAs); basically risk assessments for privacy. PIAs can reveal gaps in privacy practices, along with the information security practices used to protect privacy. They are important and effective exercises for all organizations that handle personally identifiable information (PII).
Are the U.S. Numbers Planning For ISMS (ISO 27001) Certification Really At 80%?
Monday, August 13th, 2007Over the weekend I was reading the latest issue of SC Magazine, and some of the statements within the article “U.S. lags in ISO 27001 compliance” made me go, “Huh?”
Bad Advice from the Uninformed and Inexperienced Hurt Information Security & Privacy Efforts
Sunday, August 12th, 2007The results of the poll for this past week show that 91% believe information security and privacy training and awareness is important, but 9% believe it is not necessary to effectively safeguard data.
Well, I’ve had some very interesting conversations in the past few years, usually while at conferences and when chatting with vendors, who were emphatic about how awareness and training is “a waste of time and money.” As the results of my very unscientific poll show, while this opinion may be a very small percentage, it still could significantly impact information security program efforts based upon the folks who are putting down the awareness and training…the influence they have on non-infosec corporate decision makers could be very damaging to overall efforts…
Trick or Treat for Poll Clicks, Please! :)
Friday, August 10th, 2007Do you think my current blog poll (right side of screen, scroll down a bit) is lame? I had a couple of my friends and information assurance friends tell me that my question this week is a no-brainer; that no one will take a poll that is obvious.
Well, if you read my blog occasionally you know that I am a strong believer that information security and privacy awareness and training is absolutely necessary for security and privacy efforts to be effective. But, I have also seen published statements from some otherwise very smart folks stating that awareness and training efforts are a waste of time, a waste of money, or that only technology alone can result in effective security since most folks will “never learn anyway.”
