The Inner Circle

Expand all | Collapse all

ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

  • 1.  ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 15 days ago
    ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been
    published last month (December 2020) and is now available through the National Standard Bodies, ISO
    and IEC.


    ------------------------------
    JOHN DIMARIA
    ME
    CSA
    [email protected]
    ------------------------------


  • 2.  RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 14 days ago

    Thanks for sharing John, are there any locations were this information is publicly available and not behind a paywall?

    Thanks,

    Ian



    ------------------------------
    Ian Sharpe
    Product
    AppOmni
    ------------------------------



  • 3.  RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 14 days ago
    Unfortunately not. ISO has always been a paid platform. Many times a limited preview copy can be found. It basically has the TOC and limited access to some pages.
    John A DiMaria; CSSBB, AMBCI, HISP, MHISP, CERP
    Assurance Investigatory Fellow
    Cloud Security Alliance
    m:+1 314 374-9752





    This e-mail account is used only for work-related purposes; it is not guaranteed that any correspondence sent to this address will be read by the addressee only, as it may be necessary, under certain circumstances, for third parties appointed by the Cloud Security Alliance to access this e-mail account. Please do not send any messages of a personal nature to this address.





  • 4.  RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 14 days ago
    Edited by Boulevard Aladetoyinbo 14 days ago
    ...Why's ISO "a paid platform" though, when experts work on these standards gratis?...

    ------------------------------
    Boulevard Aladetoyinbo
    Head, Crypto-asset Capital Formation Practice
    Lex Futurus Group/Lex Futurus (Nigeria)
    ------------------------------



  • 5.  RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 12 days ago
    Edited by Armand Brunelle 9 days ago

    Well @Boulevard Aladetoyinbo,

    It's not a "Paid Platform", it's more like a Get to Know "Yourself" Platform, where people can get to know you from your "Gratis" work... in other words...

    Open-Source, Peer Reviewing, is what is all about. Forum like this one or an External Audit from many sources, good or not, most of the time, are "Gratis" work.

    Expert like to show their skills reviewing paperwork or documentations that came up here first before releasing to the Public. So, experts have a chance to make their name famous, from their "Gratis" work...

    I hope this will help you to understand how peers reviewing and open-source or open-peer-reviewing work.

    Have a great evening and Best Regards.



    ------------------------------
    Armand Brunelle - Research and Development
    Data Scientist - Cloud Architect
    ExonomousID
    ------------------------------



  • 6.  RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 12 days ago
    Boulevard,

    Many people raise this question and are irritated about the paywall. The explanation (and it's up to you to consider it valid or not) is that ISO has a small number of administrative personnel, based in Geneva, who need to be paid. They also have some technology costs (servers or cloud services), some office space, etc. Those costs aren't covered by anyone, so selling the documents is how ISO runs its "business."

    I've talked (including recently) to some people who are extensively involved in ISO committees and are themselves against that system. However, they also recognize that in order to make the documents free, ISO would have to get various countries, national organizations, or companies to fund them, and I'm sure that would be extremely difficult to put in place and administer. It would also make ISO subject to suspicions of being biased toward people and countries that give them money. The current system lends more credibility to a claim of neutrality.

    Companies should have no problem paying for the standards, which typically cost around $150-200 US. Independents and nonprofits are understandably more reluctant. The final drafts (FDIS) are available for free, and in some cases are identical to the published standard, or so close that it makes no practical difference to use that free version. I don't know if the FDIS documents are removed from the ISO servers some time after adoption of the standard. When you know that a standard is on the verge of being published, I'd recommend searching for the FDIS and grabbing a copy...

    ------------------------------
    Claude Baudoin
    cébé IT Knowledge Management
    Co-Chair, OMG Cloud Working Group
    https://www.omg.org/cloud
    ------------------------------



  • 7.  RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 9 days ago
    Some ISO standards are made available for free here: https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html.

    ISO 27100 is not one of them. ISO 27000 and ISO 27036 (Information security for supplier relationships) are available for free, though. Given the SolarWinds incident, 27036 may be of particular interest nowadays.

    ------------------------------
    Mosi Platt
    ------------------------------



  • 8.  RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 9 days ago
    When I click on the link, I get an error message.

    "The page you're looking for has either moved or no longer exist".

    Anyone else getting that error?
    --
    John DiMaria
    314-374-9752


    This e-mail account is used only for work-related purposes; it is not guaranteed that any correspondence sent to this address will be read by the addressee only, as it may be necessary, under certain circumstances, for third parties appointed by the Cloud Security Alliance to access this e-mail account. Please do not send any messages of a personal nature to this address.





  • 9.  RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 9 days ago
    Hi,

    Both work for me.

    Best regards,

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------



  • 10.  RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 9 days ago
    try this link, john

    ------------------------------
    Mosi Platt
    ------------------------------



  • 11.  RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 8 days ago
    John,

    I rcvd the same error message.

    Angela

    ------------------------------
    Angela Dogan
    Founder & CEO
    Davis Dogan Advisory Services, LLC
    ------------------------------



  • 12.  RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published

    Posted 9 days ago
    I thought this comment from iso27001security.com was interesting.

    "Those nations that are actively developing offensive capabilities in this area have a vested interest in other nations not developing their defensive capabilities ... hence I suspect some may be deliberately spreading confusion and frustrating attempts to bring clarity to this area among potential targets (through this international standard, for instance). It's a delaying tactic... Rather than clarifying the concepts and terminology, moving the field forward, the standard muddies the waters - possibly the desired outcome..." See https://www.iso27001security.com/html/27100.html

    I haven't read the standard yet. Did anyone get that feeling while reading it or think there is something to the critique? I know there were concerns in the past of nation states intentionally weakening encryption, but I never thought about it being done with international standards.

    ------------------------------
    Mosi Platt
    ------------------------------