ISO is having surveys about number of ISO certifications, it is worth to have a look 🙂
The table below is taken from the executive summary.
There are also excel files available for each ISO standard that shows certifications per country or industry… For example for ISO 27001, the total number over the years is shown below.
It is worth to have a look at the recent study report called The 2017 Global Information Security Workforce Study: Women in Cybersecurity.
It can be found at the research page od the the Center for Cyber Safety and Education, or directly here.
Flowgorithm is one of the visual programming tools available today.
Positive:
Negative:
The figure below shows when execution is ongoing in slow speed. One can see where the execution is, both in the big flowchart and in the source code window (in this case Java). In addition, there is variable window (lower left) showing that 2 lotto numbers had been generated so far. The console window on the lower right is used for input and output operations.
The figure below is the clipboard copy of the flowchart in flowgorithm. The tool can also export in emf and svg formats.
Visual program file for lotto
This file is zipped. unzip in order to get the “Lotto.fprg” file.
Testing the java source
The generated java code worked well, as can be seen in the figure below. DrJava (portable) was used to compile and run the code. There was only 1 minor tweak needed (ie. one needed to initialize the NewNumber variable, see line “int NewNumber = 0;”)
Links
Morse Learner is a portable and handy software for learning both the receiving and sending of morse code (chraracters made of DAHs and DITs).
In the beginning it starts with small set of characters. And there are options to change the speed etc.
Receiving mode
Sending mode
In this tool, it is also possible to use a real morse key. In the picture below, the USB-RS232 cable is used. In the serial connector DB9, pins 7 and 8 are connected to the morse key. (The morse key is a simple 15 € key.)
Links
In addition to previously mentioned gImageReader, these 2 other portable OCR tools worked well in the following scenarios:
For PDF-XChange Viewer one might need to install language package first. (The installation folder is “PortableApps\PDF-XChangeViewerPortable\App\PDFV_Portable”).
Please note, that also IrfanView has a plugin for OCR. It is called KADMOS and is available via plugin page or here. However, for some reason the results were not good for the cases where I needed OCR.
ISO 27002 “Code of practice for information security controls” list 144 controls with the same structure for all the controls. If one would like to work on these controls, like reusing them in another documentation or doing a presentation etc, then it can be tedious to re-write the text manually into another format. Instead one can try to automate, as much as possible, and process the text of the standard by using a simple script programming language. In this blog, the text is first processed by using autoit script.
The steps
The figure below shows the overview of the steps.
The content of ISO 27002 cannot be reproduced here. But the following files are provided in case if you want to try these things yourself:
The output of the first autoit script is XML file. The structure of this XML file is shown below. This structure is selected because the layout of the ISO 27002 mostly follow this kind of heading and chapter structure. Some manual editing of the txt file is needed to make the input file to follow a consistent structure. This way the same parser code can be used without needing to program exceptions. (ie. fixing the data quality rather than the code).
<iso27002> <clause> <clause_title_h1> </clause_title_h1> <control_category> <control_category_title_h2> </control_category_title_h2> <category_objective> </category_objective> <security_control> <control_title_h3> </control_title_h3> <control_text> </control_text> <implementation_guidance> </implementation_guidance> <other_information> </other_information> </security_control> </control_category> </clause> </iso27002>
Output 1: the graph (and picture)
The figure below is exported from yEd; after it has been manually beautified 🙂
When importing to yEd, one need to map the data for both Edges and Nodes, and also choose the label for the Nodes (in presentation tab).
Output 2: the access database
The XML import to excel works well, and the first row contain the data field names. However, it is difficult to browse this manually since some fields are quite long. Therefore one can store the data also into another format, in this case the excel file was imported into an access database. In the basic view mode, one can see the rows with equal spacing and that there are 144 rows (ie. controls).
ISO TS 33052:2016 “Process reference model (PRM) for information security management” is in interesting document which can be useful when evaluating the possible ways to implement the information security management system (ISMS) processes (see ISO 27001 ISMS requirements). This Technical Specifion (TS) contains process descriptions of 26 processes, and the relationship between ISO 27001 requirements and PRM (in annex A). The 26 processes are shown in the figure below:
Each process description contains following elements
Please note that this TS is not implementation guidance, but is used as a basis for the PAM (Process assessment model) that is described in ISO TS 33072 “Process capability assessment model for information security management”.
About ISO related standards
BSI Standards
For looking the ways how to implement ISMS, it is also worth to have a look on the BSI standards, especially BSI 100-2! They are freely available here.
