Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

May 9, 2007

ISM3: Making ISMS (ISO 27001) Measurable, Manageable and Improvable

A 3-day training course " ISM3: Making ISMS (ISO 27001) Measurable, Manageable and Improvable" in Dubai next month has been announced by the ISM3 Consortium. The course emphasizes how ISM3's approach helps ISMS implementations through a strong focus on security processes and metrics, supplementing the best practice guidance in standards such as ISO 27001 and ISO 20000 (ITIL). Course leader Anup Narayanan has just over 7 years experience in the field but has contributed to the development of ISM3 and so has reasonable credentials.

Although I don't personally agree with everything in ISM3, the Consortium is to be congratulated for making a determined and consistent effort to improve information security practices and advance the profession. I believe this initiative would benefit from wider involvement by the international infosec community and encourage you to visit their website or sign-up to their discussion forum (email ism3-subscribe@yahoogroups.com).

By the way, the ISO27001security forum which we initiated last July has just welcomed its 500th member and is turning into an excellent source of well-informed pragmatic advice and support for ISO 27000-series ISMS implementers.