So I was having a good read of the ISM2014-Draft while trying to transcribe it and I spotted a heading missing from the "Managing Cyber Security Incidents"; so like always I shot off an email to the ISM Team and they actually responded with a thank-you. Achievement Unlocked!
The following is an excerpt/edit of my email chain I first sent on the 10th January 2014.
Request
The 'Context' heading within the "Managing Cyber Security Incidents" seems to be missing on page 54 of 'ISM2014-Draft'. After reviewing the previous editions ISM2013-Aug (p57) and ISM2013-Apr (p59) it also seems to be missing. HOWEVER, it does exist in ISM2012 (p58).
Response
I actually got a response from the 'ISM Team' on the 4th February that contained:
Thanks very much for your email. We are currently finalising the ISM content and have fixed the below issue you identified.
This made my day, so I gathered up another couple of issues and fired them back, since the 2014 version is in draft, and it's bound to have some more lurking errors; I figure its better to send through problem than sit on them, especially since I got a response right? Cool!
Request
Control 0427; where the bullet points seem to be nerfed up and not stepped in correctly for:
- configure the lock to activate either:
- after a maximum of 15 minutes of user inactivity
- if manually activated by the user
As part of my transcription of the ISM I counted 933 controls in the ISM2014-Draft, 129 of these controls have been updated since ISM2013-08; however I assume that Control 0869 is actually at Revision 2 rather than unchanged at revision 1, since the content of this Control has actually changed since 2013-08.
Response Timeout
I have not heard anything further - they must have gone to print with errors :-P
**[EDIT] OK so yeah they released the new version in March, Dated February and a whole heap of other errors were fixed - along with a huge changes in the Jump-Boxes section (including better images).
And yes, they fixed these quirks in the release.