I'm looking for some opinions as to whether ISO/IEC 27001 is appropriate for most small businesses, even those not in the ICT sector.
How much work is it to implement, when compared to NIST 800-171 or the UK's Cyber Essentials?
"Infosec" is applicable to any business, not solely ICT. Let me check for sure, but I believe NIST 800-171 is less arduous than the 100+ controls of Annex A in 27001. I have an analysis of both I may be able to post without issue.