ISO 27001 Implementation and Metrics Guide

Fellas I want to share this document I co-authored with 4 other ISMS implementers from different parts of the globe.

Feel free to use this document under the copyright notice stated below and on the document itself.

Comments and feedback are more than welcome.

Cheers!

===============================

This work is copyright © 2007, ISO27001security implementers' forum, some rights reserved. It is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.

You are welcome to reproduce, circulate, use and create derivative works from this provided that (a) it is not sold or incorporated into a commercial product, (b) it is properly attributed to the ISO27001security forum (www.ISO27001security.com ), and (c) derivative works are shared under the same terms as this.

thanks it is really helpful

thank you very much .... really helpful !

I wonder if the document is missing something. Page 2/13 starts with "4. Risk assessment and treatment" Was there anything under 1, 2, and 3?

xjessie007 said:

I wonder if the document is missing something. Page 2/13 starts with "4. Risk assessment and treatment" Was there anything under 1, 2, and 3?

Click to expand...

Jessie, the numbering of controls starts at 4. There are no 1 to 3.

We made the guide to coincide with the numbering in the standard. Have you read the standard? Check the Annex on ISO 27001:2005. Its at the back.

Your material is very good! I´ve started my studies about ISO 27001 to apply here in Brazil. Do you have any advice to me, about my career on systems auditories?

Thks!

Hi, Thanks. It is an excellent material.

Hello Richard,

Thanks for all your help on ISO , it made me achieve the certification ISO 27001:2005.
We are upgrading to the 2013 and wanted to know if we need the metrics such as this for ISO27001:2013 if so is there an updated for this document.

hi sir, do you have an updated metrics for ISO 27001:2013 that you can share with us...thanks