I am interested how it is with online meeting recordings. Which point in ISO27001 is covering this topic? We are trying to present our proposal to the potential customer and he would like to record the meeting. In our presentation there will be a lot of sensitive information and knowhow. Can we disagree with recording based on iso27001, and if not, what we need to be careful about? I need your answer ASAP... thank you in advance.
Hi I wonder how I should Think when i calculate my ROSI value . If I receive a positive value I should invest in that security correction and if I receive a negative value I should not invest. Have I understood it right?
Can you explain to me what the nature of the relationship is between Organisational Resilience and Business Continuity Management?
Do you know practical examples of resilient companies?
Hello Dejan,
I believe you are the most knowledgeable and good trainer on Information security.
One question is haunting me and I thought, who would be better than you to answer this question.
Is scamming bank account holder over telephone, successfully or unsuccessfully, considered as a security incident by bank. Is this incidence recorded in banks incident register?
If not, why not?
Do you have any webinar on third party vendor audits? I am interested in this even if it is a paid activity.
I would like to request for your comment or idea on which I still doubt on how to check this point "Isolation of Sensitive Systems" - According to identified risks, do sensitive application systems operate in an isolated processing environment?
I would very much appreciate for your kindly comment and any idea.
Hi, We are considering going for ISO 27001 certification but we have a fully owned subsidiary company in the *** (we are *** based).
1 - Is it possible to certify the two together or is it necessary to seek certification for each one individually?
2 - Similarly would we need a separate ISMS for each?
How does external auditing firms (for ISO27001 certification) view clients who call “Standard Operating Procedures” Policies? We both know there is a clear difference between Policies, Procedures, and Guidelines. However, this firm calls SOP policies, and in most cases it looks like it.
What’s your perspective?
I am interested Clause 7 and in identifying the required skills for ISMS. What documents can I refer to for that
hi! could you help me with budget dividing into CAPEX and OPEX for ISMS (ISO27001) improving?
You have made a really neat illustration of the relationship between Assets, Theats, Liabilities and the appropriate Controls which makes it fairly easy to explain the relevant issues. The Asset in question is a Laptop and I am wondering if you may have any other illustrations, either for downloads or to buy?
Looking forward to hearing from you at your earliest convenience.
