
ISO Standards - What's the Future?

Last post 08-18-2007 9:11 AM by ISMer. 9 replies.
Page 1 of 1 (10 items)
  • 06-06-2007 5:30 AM

    • mcurphey
    • Top 10 Contributor
    • Joined on 02-13-2007
    • Europe
    • Posts 199
    • Points 2,130

    ISO Standards - What's the Future?

    30 mins of Googling and I am having a bad hair day. I am looking for a press release or roadmap of ISO security standards. Can anyone post a URL here?

    • Post Points: 20
  • 06-06-2007 7:03 AM In reply to

    • ayeomans
    • Top 75 Contributor
    • Joined on 06-06-2007
    • Posts 1
    • Points 35

    Re: ISO Standards - What's the Future?

    Tricky one. ISO JTC1 links to the actual committee plans and status. Their business plan is here.

    Or maybe something like 27000.org or iso27001security.com/ is OK as a quick unofficial reference.

    • Post Points: 35
  • 06-06-2007 10:23 AM In reply to

    • mcurphey
    • Top 10 Contributor
    • Joined on 02-13-2007
    • Europe
    • Posts 199
    • Points 2,130

    Re: ISO Standards - What's the Future?

    I found a friend who is on the committee. He is sending me some docs. I will post a summary here when I get them.

    • Post Points: 5
  • 06-16-2007 6:37 AM In reply to

    Re: ISO Standards - What's the Future?

    Thanks for the link, ayeomans - ISO27001security dotcom is mine.

    How can I help? 

    • Post Points: 40
  • 06-28-2007 7:42 AM In reply to

    • mcurphey
    • Top 10 Contributor
    • Joined on 02-13-2007
    • Europe
    • Posts 199
    • Points 2,130

    Re: ISO Standards - What's the Future?

    Hi NoticeBored

    Now we have the mailing lists and forum integration (support call logged), the ISM Top Ten released and the RA project getting some tracking, some people have suggested creating an ISO 27001 implementation forum and guide. What do you think? It seems there are a lot of folks looking at the ISO standards and especially the forthcoming ones.... 

     

    • Post Points: 40
  • 06-28-2007 8:27 AM In reply to

    Re: ISO Standards - What's the Future?

    Hi mcurphey.

    Well, what can I say?  I'm a committed fan of the ISO27k standards and will happily support any initiatives that will help spread the word about them, encourage people to read and use them, and ideally contribute to their further development.

    I set up www.ISO27001security.com two years ago for that very purpose - to share information, tips and advice on the ISO27k standards. I do my best to track new developments from ISO/IEC and keep the site updated with the available information, and have added a links page and FAQ.

    Just under a year ago, I set up a discussion forum (email reflector) for those who are actively implementing the standard to share their trials and tribulations with their peers.  I am individually checking applications to join the forum and reject a significant number of people who appear to have little if any practical experience to share.  There are already a few other online ISO27k forums that accept all-comers and I hope the newbies can find what they need there, although the quality of advice seems rather dubious at times from what I've seen.

    So, I guess there probably is an opportunity for another forum to offer good advice to those who are just getting to know the ISO27k (and related) standards.

    Kind regards,

    Gary Hinson  

    www.ISO27001security.com webmaster

    • Post Points: 40
  • 06-28-2007 8:40 AM In reply to

    • mcurphey
    • Top 10 Contributor
    • Joined on 02-13-2007
    • Europe
    • Posts 199
    • Points 2,130

    Re: ISO Standards - What's the Future?

    Hey Gary

    I looked around and saw a number of other efforts as well. What we are trying to do here is to produce projects rather than just "chat" like some of those things and stand by the delivered work. I know someone on the ISO standards committee and there are lots of good things coming down the pipe. Maybe we could start a discussion about what an ISO Security project at ISM Community would look like and what the need really is? I am not sure I know the answers or even the question but I don't see a good free guide to implementing ISO Security produced by real world practitioners that isn't a marketing document so maybe that's the right way? I know Michael Smith is building some good useful things like the CISO Toolkit, mini-helper apps like spreadsheets and checklists etc. I am sure some of those would be super-handy as well? Given its widespread adoption I suspect it would be good to see if there are enough people who would also like to participate?

    • Post Points: 40
  • 06-28-2007 6:25 PM In reply to

    Re: ISO Standards - What's the Future?

    Mornin' mcurphey

    I definitely like the idea of collectively building a 'library' of documents, templates, spreadsheets and diagrams around ISO27k.  We've started already with just a few items (e.g. a mind-map of the implementation and certification process, and - yesterday - a table containing implementation guidance and potential metrics aligned with the sections of ISO/IEC 27002) but there is plenty of scope for more.

    The sorts of things people are inquisitive about are:

    • General intro to ISO27k (perhaps something people can show their managers to get them interested?)
    • Statement of Applicability
    • Risk Treatment Plan
    • Business cases (project proposals) for implementing ISO27k
    • Implementation project plans
    • Structure charts for ISMS management and operations, plus job descriptions
    • Policies, standards, procedures and guidelines aligned with ISO/IEC 27002
    • Other implementation guidance - stuff to help people building their ISMS for the first time (e.g. how to do a gap analysis, inventory assets, risk assessment and classification of assets)
    • Case studies on actual ISO/IEC 27002 implementations and certifications

    There, that little lot should keep us going for a while!!

    Best wishes,

    Gary

    • Post Points: 40
  • 06-29-2007 2:25 AM In reply to

    • mcurphey
    • Top 10 Contributor
    • Joined on 02-13-2007
    • Europe
    • Posts 199
    • Points 2,130

    Re: ISO Standards - What's the Future?

    Gary

    There is a really sharp guy in Germany (Holger) who has been working on some ISO-related stuff behind the scenes. Let me mail him today and see if I can hook you guys and a few others together, with a forum etc. and see where it goes. Great stuff!

    • Post Points: 40
  • 08-18-2007 9:11 AM In reply to

    • ISMer
    • Top 75 Contributor
    • Joined on 08-18-2007
    • Posts 1
    • Points 25

    Re: ISO Standards - What's the Future?

    There is also now a news blog covering 27k: ISO 27001 Report. It seems to be promising, so maybe it is of interest too.

    I noticed that there was nothing new in the latest ISO 27000 Newsletter.  

     

    That ISO pipe you mention, Mark, is very slow in producing!

     

    • Post Points: 25
All Rights Reserved - The ISM-Community