Reply to post:

Who's going to dig you out of a security hole when the time comes?

Tom Paine

So if we dig out our copy of the ISO 27001 standard we read stuff like:

Backup copies of information, software and system images shall be taken and tested regularly.

The use of resources shall be monitored, tuned and projections made of future capacity requirements.

I've worked on ISO certs but I don't think I've ever seen the very expensive official documentation. I thought it was completely unprescriptive about what controls are needed, and says that should flow from your risk assessments? That's why I've always preferred NIST SP 800-53 with its nice long list of controls...
