Wednesday, April 2, 2008

ISO 27001 - A standard choice

Through a perplexing alphabet soup of choices in security standards, most Middle East enterprises are selecting and working with the ISO/IEC 27000 series of benchmarks, especially the 27001 standard. Choosing a security standard is easier said than done.

The average enterprise in the Middle East that is looking for an enterprise-wide security standard is faced with an absolutely perplexing alphabet soup of choices that can deter everybody but the keenest.

To add to the confusion, the names of standards often change, even when the content remains the same, as they move from one standards body to another.

Security service providers and consultants, such as Kurt Information Security, tend to pick and choose among different standards to form the basis of their practices and procedures. Such companies have a research and development arm which integrates pieces of various standards to form a security matrix for the firm to employ with its customers.

This is not a choice available to most enterprises. For one, standards cost money and for another, integrating the best among standards requires valuable resources, time and capital - none of which an enterprise can or should rightly be expending.
