Boulevard,
Many people raise this question and are irritated about the paywall. The explanation (and it's up to you to consider it valid or not) is that ISO has a small number of administrative personnel, based in Geneva, who need to be paid. They also have some technology costs (servers or cloud services), some office space, etc. Those costs aren't covered by anyone, so selling the documents is how ISO runs its "business."
I've talked (including recently) to some people who are extensively involved in ISO committees and are themselves against that system. However, they also recognize that in order to make the documents free, ISO would have to get various countries, national organizations, or companies to fund them, and I'm sure that would be extremely difficult to put in place and administer. It would also make ISO subject to suspicions of being biased toward people and countries that give them money. The current system lends more credibility to a claim of neutrality.
Companies should have no problem paying for the standards, which typically cost around $150-200 US. Independents and nonprofits are understandably more reluctant. The final drafts (FDIS) are available for free, and in some cases are identical to the published standard, or so close that it makes no practical difference to use that free version. I don't know if the FDIS documents are removed from the ISO servers some time after adoption of the standard. When you know that a standard is on the verge of being published, I'd recommend searching for the FDIS and grabbing a copy...
------------------------------
Claude Baudoin
cébé IT Knowledge Management
Co-Chair, OMG Cloud Working Group
https://www.omg.org/cloud------------------------------
Original Message:
Sent: Jan 14, 2021 12:25:31 AM
From: Boulevard Aladetoyinbo
Subject: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published
...Why's ISO "a paid platform" though, when experts work on these standards gratis?...
------------------------------
Boulevard Aladetoyinbo
Head, Crypto-asset Capital Formation Practice
Lex Futurus Group/Lex Futurus (Nigeria)
Original Message:
Sent: Jan 13, 2021 08:16:47 AM
From: JOHN DIMARIA
Subject: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published
Unfortunately not. ISO has always been a paid platform. Many times a limited preview copy can be found. It basically has the TOC and limited access to some pages.
|
John A DiMaria; CSSBB, AMBCI, HISP, MHISP, CERP
Assurance Investigatory Fellow
Cloud Security Alliance
|
This e-mail account is used only for work-related purposes; it is not guaranteed that any correspondence sent to this address will be read by the addressee only, as it may be necessary, under certain circumstances, for third parties appointed by the Cloud Security Alliance to access this e-mail account. Please do not send any messages of a personal nature to this address.
Original Message:
Sent: 1/13/2021 11:05:00 AM
From: Ian Sharpe
Subject: RE: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published
Thanks for sharing John, are there any locations were this information is publicly available and not behind a paywall?
Thanks,
Ian
------------------------------
Ian Sharpe
Product
AppOmni
Original Message:
Sent: Jan 12, 2021 08:54:24 AM
From: JOHN DIMARIA
Subject: ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been published
ISO/IEC TS 27100 "Information technology - Cybersecurity - Overview and concepts" has been
published last month (December 2020) and is now available through the National Standard Bodies, ISO
and IEC.
------------------------------
JOHN DIMARIA
ME
CSA
[email protected]
------------------------------