Papers
ISMS - Fast-Track ISMS Implementation & Certification
Abstract: How a company developed a method for shortening the development times
for an ISMS which has been successfully applied around the world and from which Zygma's clients
can benefit.
Policy, regulatory and standards conformity through an ISMS Revised 2006-09-14
Abstract: A model for how to use an ISMS to encompass and demonstrate conformity
to other policy, regulation and standards which an organization is required or chooses to observe.
The paper develops a four-layer approach to mapping other reference sources into the ISMS model,
using the resultant Statement of Applicability to show which controls map to those other sources.
It then describes a process for establishing the relationships between the ISMS and other
reference sources.
ISMS - a comparison of HIPAA and the ISO/IEC 27000 series of standards
Abstract: A comparison between the HIPAA Security Standards clauses and the ISO/IEC 27001
management system requirements and ISO/IEC 27002 code of practice. It makes a
comprehensive mapping demonstrating that the basic ISMS controls cover more than 90% of the
HIPAA Security Standards needs and (in the full paper) provides an Extended Control Set which
describes additional controls and implementation guidance that entities subject to the Security
Standards should adopt to implement an ISMS which can be used to manage and demonstrate
their HIPAA Security Standards compliance.
For details of how to have access to and apply the full paper, contact us.
FISMA & ISMS Alignment New, 2006-12-06; Revised 2006-12-21 to refer to SP 800-53 Revision 1
Abstract: The US Federal Information Security Management Act (2002) requires Federal executive departments and agencies to put in place a comprehensive information security management programme. This programme extends to contractors and suppliers where their services are pertinent in the context of risk. The FISMA Implementation Project has been created to support the implementation of FISMA. Its Phase I, now virtually complete, has established a revised standard (NIST SP 800-53 Revision 1) which guides Federal entities in their implementation of FISMA. Phase II of the Implementation Project is to establish a means for accrediting (credentialling) those organizations which will perform assessments. This paper puts forward a case for aligning the FISMA processes with the international ISMS framework processes, and promotes such an alignment as a means to reduce overall costs and enhance the overall efficiency of information security management.
The Melton Mowbray Assessment Revised 2006-09-18
Abstract: A 'special' report on pie tasting produced by one slightly daft ISMS expert following a rather strange request from another equally daft ISMS expert. This is unlikely to edify too much, at least in the context of ISMSs, but it may entertain.