Ideas

[stephenT]

Hello all -

I would like to see the members of the community assisting each other in a lot more detail.

What I mean is we can develop our own "Tool / Data base / Info Space" I do not mean an application just text based stuff.

There are many Consultants who need work but we can be our own consultant and pass on hints tips tricks for FREE which is what I think a user community should be doing.

I also believe that BS7799 / ISO17799 should be available via the web FOC. Similar to the data protection act. Provided by UK Government web site.

To this end I have a question and some info to start the ball rolling.

Question:
Has anybody developed a set of generic "Information Security Assets"
i.e. Telephone, Paper, Sensitive Laptop, Non-Sensitive laptop, PC... People, Word of mouth.

From this has anybody developed a list of threats (The more important ones) i.e. - Fire, Water, Natural and unnatural disaster, accident and misuse.

And therefore a bunch of associated controls

[sarahol]

Some excellent ideas there Stephen. I can certainly confirm that this forum is more than happy to hold whatever FOC recources/tools members are prepared to write/produce.

A special 'content' section is actually about to be launched, specifically for constributions to the public domain.

Regarding BS7799 / ISO 17799 itself being available FOC, again I find it difficult to disagree with you. The problem is that there are too many different parties involved there, and not just BSI and ISO. Unfortunately, it won't happen. Pity.

However, with the will, I am hopeful that the FOC void can be filled with member contributions.

[Guest]

Just an aside here but as of Jan 2005 the new Freedom of Information Act kicks in to force. This then gives you the right to ask any public body (ideally one with certification) for copies off there ISMS Documentation, Policies and Proecures, Registration Project Docuementation etc etc....

[stephenT]

Now what a way to 'plagarise' somebody elses work... wonderful I think this could cause some consternation if we all wrote to 'XYZ' Council at the same time and asked for their ISMS Policy / procedures or other public documents..

Hey GUEST - why not register and join the fun.



Thanks for the update and information
Kind regards

Stephen

[vpalat]

I have developed a list of generic information assets that we use within our organization - they are non IT related.
Let me know if this is what you are looking for - they constitute more generic physical assets - also including information assets like personal information based on training and such.
Lemme know.

Vin

[Silver]

If you're happy to place them in the public domain, why not contact the site admin of this portal (Sara) and have them posted on this portal? I'm sure they'd be more than happy, as a list like that could help many people.

[vpalat]

Okie - Sara - let me know how to get this across to you.
Its a limited amount of information - but well - and I guess a more comprehensive list can be built based on more contributions.
Tnx Silver

[Silver]

Contact her through the 'Feedback' button on the left hand panel.

[vpalat]

okie thanks!