Information Security
Alistair O, 2016-10-04 12:55:52

How to systematize knowledge in the field of information security?

Good afternoon. I have become interested in information security. The material is not particularly complicated, but the difficulty arises when it comes time to apply what I have read.
I wanted to know how an ISMS is implemented (and what it is in general), how the analysis is carried out, and which actions follow which. Maybe there are some steps?
Well, for example, technical support has an ISO model for user support, and an employee can be guided by this model to fix a problem, a checklist, so to speak. Maybe there is a similar approach in information security?
Help me organize this knowledge.
Thanks in advance.

2 answer(s)
Eugene, 2016-10-04
@hokop

To study the ISMS and get acquainted with the checklist, study ISO2700x.
You can take a free course on 27001.

Andrew, 2016-10-04
@OLS

It is impossible to implement a ready-made system from scratch - primarily due to a qualitative misunderstanding of all parties involved.
In 99% of cases, the IS system passes (or gets stuck on) the maturity stages of the systems described in any guide:
- single implementations/changes based on the facts of events/risks;
- repeated (similar) actions, but without formalization;
- formalized process;
- managed, controlled, evaluated and optimized process.
Read COBIT 4.1.
The process of transition from one stage to another takes at least 1.5-2 years, sometimes up to 5-10 years.
