InfoSec and Privacy ISO Standards

Image

ISO/IEC 27701:2019

  • Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines
  • Publication date: 2019-08

Thanks go to Richard Nealon for reminding me that ISO/IEC 27701:2019 has been published in August to replace the draft, ISO 27552.

How does ISO Work?

  • Stage 0 (preliminary stage): A study period is underway.
  • Stage 1 (proposal stage): An NP (New Project) is under consideration.
  • Stage 2 (preparatory stage): A WD (Working Draft) is under consideration.
  • Stage 3 (committee stage): A CD/DIS (Committee Draft/Draft International Standard) is under consideration.
  • Stage 4 (approval stage): An FDIS (Final Draft International Standard) is under consideration.
  • Stage 5 (publication stage): An IS (International Standard) is being prepared for publication.

References

InfoSec Governance and Value Delivery

Image

PMI Value DeliveryInformation Security Governance

Information Security Governance as a Value Delivery Process

Cost management is extensively described in “A Guide to the Project Management Body of Knowledge” (PMBOK Guide) and the “Practice Standard for Earned Value Management“.

The focus on BRM is on the benefits component, including tangible and intangible benefits.

Quantifying benefits and allocating appropriate costs for attaining these benefits can be difficult in some cases due to the degree of subjectivity involved.

This can be especially true when quantifying intangible benefits, although there are methods that aid in quantifying intangible benefits such as the use of proxy or representative measures.

Source: Benefits Realization Management: A Practice Guide