Information Governance Standards

There have been a number of recent developments in relation to the BSI Information Governance portfolio.

It was reported in the biennial PricewaterhouseCoopers Information Security Breaches Survey that the number and cost of security breaches appear to be rising, with large enterprises especially vulnerable. The survey attributed much of this trend to the growing use of externally hosted web-based services, warning that the “deployment of effective controls tends to lag behind the more rapid adoption of new technologies”. It also noted that a risk-based standard such as BS ISO/IEC 27001 was “increasingly becoming the lingua franca for information security”.

BSI recently launched a new book on how organizations should apply the BS ISO/IEC 27000 series to help build a safer outsourced programme. ‘Managing Security in Outsourced and Offshored Environments: How to safeguard intellectual assets in a virtual business world’ has been written by industry guru David Lacey and sets out practical advice, methods and best practices for identifying and managing the security risks associated with the outsourcing and offshoring of IT or business services.

BSI has also recently published a practical handbook for the use and application of BS ISO/IEC 27005. ‘Information Security Risk Management. Handbook for ISO/IEC 27001’ was written by Edward Humphreys and provides specific guidance and advice to support the implementation of requirements defined in BS ISO/IEC 27001 that relate to risk management processes and associated activities.

ISO is in the process of developing a new series of Management System standards for Records Management. These will communicate best practice across an organization and to its senior management. The standards will be available for public comment until the end of August 2010 and are expected to be published in autumn 2011.

In autumn 2010, BSI will publish a Publicly Available Specification, PAS 92 ‘Code of practice for the use of biometric systems’. This addresses the application of biometric systems across a range of sectors, with a particular emphasis on best practice for the collection of biometric data. To mark the launch of PAS 92, BSI will be holding a themed event in November, where attendees will be able to find out how PAS 92 can be used in the procurement and operation of biometric systems and hear good practice case studies of their successful application.

Links:

Info Sec books in BSI Shop

BSI Draft review System

Biometrics Conference


Return to Summer 2010 Committee e-newsletter

Feedback

Tell us what you think about the newsletter by emailing committees@bsigroup.com.