Posts Tagged ‘PDCA’

Clear Policies and Effective Controls

Policy defines the law of an organization: what is acceptable and the less risky way of doing business. Having a law in place is one thing (a good start for an organization), but how you enforce and change policies over time is the key to successful policy implementation. To control your […]


Managing Risks and NIST 800-53

Organizations need to establish a security program to manage their day-to-day risks. Before selecting controls from standards such as NIST 800-53 or ISO 27002, organizations need a complete inventory of the assets within the scope. Assets within the scope would require […]


ISO 27k and CMMI

To become a successful business in today’s market, optimized information security controls may be the panacea for unmet security needs. One way to achieve optimized information security controls is to perform an ISO assessment, assess the organization’s security posture against the ISO 27002 code of practice, and map each control to Capability Maturity Model Integration (CMMI) […]
