Thanks for completing the website visitor survey: the ISO27k Toolkit is clearly a big hit, along with the info pages about the ISO27k standards and the home page. Should we drop the forum page and FAQ though? We’ve already dropped the white papers.

Visitor survey

The red comments below are genuine feedback submitted to the website visitor survey or emailed to us, with our responses in black. We really appreciate your kind comments and improvement suggestions. If there’s something we’ve missed or got wrong on the site, do let us know. If there’s something you really value, it’s nice to know that too!

“It is not clear that you need to join and login to Google to get the ‘apply to join’ option [for the ISO27k Forum]” Ah, yes, oops. Since we are already joined up and stay logged in 24x7, the Google Groups web interface looks different to us. Thanks also for pointing out a circular reference between the visitor survey and contact us pages, now expunged. Thank you for taking the trouble to respond. G’day!

“Do we have a registration mechanism for the site or at least an option that sends some artifacts or news once a week?” The simple but unhelpful answer is “no” ... but we do try to update the home page when we make changes to the site: you could always sign up for one of the automated page monitoring and notification services, or bookmark us and come back every so often. Important stuff tends to be raised on the ISO27k Forum.

“Just a quick note to say thanks for providing such a comprehensive resource on the ISO 27K family ... I'm sure I'll be visiting the forums more (and hopefully contributing as well as asking questions) in the near future.” Thanks Tony, it’s our pleasure.

“I really like this site. I am not implementing or administering an ISO27K program but really enjoy learning how this complements/supplements other GRC frameworks. Awesome job on this site and great work from contributors - I hope to contribute once I work through the content.” Me too! The community spirit is alive and kicking in ISO27k-land.

“I hope for more details to explain and give examples about ISO27K implementation.” Fair enough: we update the ISO27k Toolkit and FAQ occasionally, and the primary purpose of the ISO27k Forum is to support implementers.

“Content is awesome, but the design doesn't do it justice. Hire a graphic designer for Pete's sake.” Fair point. Know any good free graphic designers willing to lend a hand?

“This site is really great. It helps budding security practitioners; however, it's too closed. Knowledge is to be shared (I am not against moderation). So please open the group to all. Let us moderate the new joinees until they prove genuine. If you say you don't have time, please seek volunteers for this task. If you implement an authenticated website (CMS), these can be easily done.” If only it were simple to ‘implement an authenticated website (CMS)’! Nice idea though, agreed in part. We have opened up the ISO27k Forum to world read. This website has always been, and will continue to be, open to all fans of ISO27k, whether budding or in full bloom. We are not going to open the Forum to world write, however, as the spammers will soon get their fangs into it and novices will swamp us with the most naive questions, causing the signal-to-noise ratio to plummet - that's why we pre-qualify Forum members, asking them to confirm their qualifications and willingness to contribute, not just to suck up all the info like black holes! This is a crowdshare community project that depends on the active involvement and generous contributions from its members. That said, we will look into a CMS such as Joomla or WordPress, as you kindly suggested.

“Thanks for the information.” Thank you - you are welcome, my friend.

“Excellent and highly valued source.” That’s what we like to hear!

“I want to add BCP part in ISO27k Toolkit.” Great! You write it and we’ll add it :-)

“A viewing mode for the forums would be nice before signing up.” Agreed! The ISO27k Forum is now world-readable. We also have a few example threads listed on the Forum page. Thanks.

“Poor visual appeal” Thanks for the criticism but it's not very helpful: what aspects do you find poor? In what ways are the layout and visual appeal flawed? How, specifically, could we improve the site? Seriously, actionable improvement suggestions are most welcome but you'll need to give us a better clue as to how to improve.

“Make Free T-Shirts :P” That’s a lovely idea but I fear we would have to charge for them as our shoestring budget is already stretched thinner than a human hair.

“Hi, Very nice informative website. As a web designer myself I would only change the layout and format of the website. Have things centralised on the page (with expandable tables as defined in the CSS file)...” I’m struggling a bit with my limited skills and the software tool available, so much as I would like to do this, it may take a while! Thanks though for the suggestion.

“Very easy, very simple, very effective to start learning wide world of IT security” Interesting perspective! Most people find it quite complicated and difficult to fathom.

“I would add more samples. Thank you soooo much!” No, thank you! We are happy to continue developing the ISO27k Toolkit and welcome further contributions to it.

“Overall extremely satisfied. I found the site via LinkedIn and I like getting the daily dialog & discussions on my email from others in the group.” Great! Do chip in when you are ready. All opinions valued.

“The form [Forum] shall be open to folks those who are interested in ISMS/ISO standards as well. Making the subscription more difficult is not the right approach to keep spammers away, IMO.”

Point accepted - we have relaxed the Forum entry criteria.

“I would change or add nothing, it's very well done as it is. As long as it's maintained the way it has been, it will continue to serve as an excellent public resource. Keep up the good work!” Many thanks. No big changes planned.

“ONLINE LEARNING PORTAL” Hmmm, OK. We’re preparing a course.

“I would change the lay out” Err, thanks for the suggestion. A bigger hint as to how to change it might have helped! We have had a few comments like this: please be more specific and we’ll gladly give it more serious consideration.

“As a representative from one of the largest certified bodies in the world, I would have to say that this is one of the best organized, most informational and helpful websites I have seen on the subject. I point our clients to it frequently when they are looking for help. Keep up the good work!!” Thank you!

“Web site is well worth it. I'm studying 27001 as part of a Uni course and fine the site very helpful.” Good luck but don’t forget to spell-check!

[Wanted:] “A Page for Complete Download section and also some Technical Glossary and Abrev” The complete ISO27k toolkit is available as a free ZIP. The glossary will cost you $5 though: sorry but we have bills to pay.

“Content wise website is excellent. Look and Feel of web page may be improved. Example related to Risk Management would be very good move.” Good idea re the example: one day, maybe ... Sorry about the look & feel but given limited free time, we prefer to provide good content rather than worry too much about the presentation (unless you’re offering to help!).

“This is a great resource, and contains the best and clearest information on ISO 27K that I've found to date. Well done, and keep up the good work! I'd like to see some more information on information security roles, what the typical duties are, and how these roles can work best with the rest of the organisation (in a positive way).” Thanks for the suggestions. We have been working on infosec roles and responsibilities but it’s a slow spare-time project.

“I am taking the survey to congratulate you on your website. I’m a security consultant, and find your webpage to be one of the best references. I especially like that you always keep it updated. Cheers!” Thank you sir, and thanks also to those who contribute information. I know the site design is more basic than pretty but I’m glad you find the content useful. Cheers!

[Wanted:] “A good search tool” Good idea! We’ve added a Google search box to the home page. Hope that will suffice.

“I use your site all the time. It’s the most reliable and up-to-date source of information on the ISO 27000 standards.” We do our best!

“You've got a very good selection of material. It's fantastic to see a consultancy giving back to the infosec community; giving 2700x to the masses. Too many consultancies here in Oz are "standards leeches", relying on mandatory compliance with these standards to sell their services. More like accountants rather than passionate individuals such as yourself. Great work and thank you for sharing.”

“Thank you for your effort and diligence required to maintain this site and its content. I have a keen interest in the ISO/IEC 27K BoK and the information regarding the ISO/IEC 27K series is just great! Keep up the excellent work. You are providing an important service to security practitioners globally.”

Thank you both! I’m glad you appreciate the passion and the work involved.

[Wanted:] “A secured "sign on" for members, possibly for Forums. I would add the capability for members to create and run SIGs forums for interactive real time Focus discussions amongst members. Thanks for a great Website!” Thanks Virginia. Unfortunately I don’t think the web authoring program I use has that capability. Please join the ISO27k Forum instead and, if you feel the need to create your own break-away forum, Google Groups works well for us, and it’s free!

“This is a great site to refer when you work on Information Security.” Cheers!

“I would change the font and the way the website looks. Otherwise it's an excellent website. It's very useful for budding security professionals, I very much thank all your team who put excellent effort, time etc. Once again I thank you all.” OK I’ll look for a different font, though I’m not entirely sure how to make the website look better! Cheers anyway.

“I would change nothing, it's perfect... please continue.” Perfect eh?! Thanks for the support. We’re gently glowing like a nuclear fuel rod.

“I would add a chat window for interactive sessions with professionals.” We're too busy for much of a chat I'm afraid! If this were a commercial site with sufficient funding to pay for our time, fair enough but it's not. However, many infosec pros actively participate in and contribute to the ISO27k Forum.

“A simlistic [sic], easy to read and understand, logical roadmap to certification. i.e. a dummies/idiots guide to gaining certification. Starting at the moment in time the decision is made to go for the certification, right through to the party! Why are all the current guides so complicated? As an IA consultant I understand it all but I like easy to read and follow plain English, something that is sadly missing in many areas of the IT business world.” Errr, have you actually looked around the site? There is a simple process diagram on the site covering exactly that, plus plain English descriptions including the FAQ. I’m sorry if you still find it all a bit too complicated - perhaps ISO27k is not for you :-)

“It is just great and I consider myself lucky to have found this site. I will try to contribute once I have some experience.” That’s what we like to hear! Seriously, we very much appreciate the contributions (of experience just as much as $$$!) by our fellow fans of ISO27k. Without your assistance, this project would have folded long ago.

“I would suggest to have all the standard page overviews in a single PDF document so visitors needing a description and understanding of the content can just download the document and then select what s/he needs. Many commuters read this type of information offline and it is very handy.” Interesting suggestion but I’m not (yet) convinced the effort to do so would be worthwhile: if you feel strongly about this, please raise it on the ISO27k Forum.

