ISO 27001 & 22301 - Expert Advice Community


  • Does ISO 19011:2018 align or integrate with ISO 27001?

    Does ISO 19011:2018 align or integrate with ISO 27001 and if so how?
  • Infosec procedures

    I am looking for two procedures: Vulnerability Management and cryptographic / encryption key management. Vulnerability procedure on how many scans are necessary for each asset classification (critical, medium, etc.), necessary work to do, documentation process, etc. Cryptographic on how to protect keys, private keys, emergency access to keys, encryption methods, code signing certificates, etc. Baseline: ISO 27002 - 10.1.2; OWASP: Key Management Cheat Sheet (key life cycle management (generation, distribution, destruction); key compromise, recovery and zeroization; key storage and key agreement).
  • Quantity of risks

    Good day Dejan, I hope things are going well in your part of the world? We at *** are slowly working on our ISO27001 accreditation and would appreciate some guidance from you please. How does the attached Risk Table look for a small IT services company with ~15x people? When we spoke last, you suggested that we do the certification for our whole business as opposed to just our SOC portion, so I’ve considered elements from our offices, hosted customer environment and our new SOC. I’ve used ~50x of your standard assets, combined with your standard Threats and Vulnerabilities, and have come up with ~200x Risks. ~15% of these will need further attention later in the process based on their risk score. Are these risks and numbers appropriate, or do we need more / less / different? I don’t want to get too far ahead if this stage still needs more work. We still need to share it with our technical people who could very well raise some additional assets and associated threats, vulnerabilities and risks. I also don’t want to add too many risks if they are effectively trivial, but also want to demonstrate to an auditor later that we have applied our mind to the task. Would you be available for some feedback by email and/or online meeting in the next 2-3x weeks? 7x hours time difference to Perth so probably 9am your end / 4pm our end will work. Look forward to hearing from you.
  • ISMS metrics related to Scope

    Dears, please, the scope of our Certification is purely focused on Product development data security. Have you got any tips or examples of PD-relevant ISMS metrics? Of course without specific data, like names or values. Just to have as inspiration for us. Thank you in advance...
  • ISMS metrics, from Product development perspective

    Can you provide guidance or recommendations on how to develop ISMS metrics from a Product development perspective?
  • Acceptance of ISO 27001 Lead Auditor certification in Europe and US

    What is the acceptance of ISO 27001 Lead Auditor certification in Europe and the US? Is there a specific legal basis in the European Union, and if yes, what is the name of the legal act and the article number that serves as the legal basis? For me it is very important, for example, if I undergo training in your company and pass the exam, will it be respected in Europe and how? What legal barriers, if any, are there to accepting the ISO 27001 Lead Auditor certification? I will ask for a concrete answer in order to better decide whether it is worthwhile to take the course with you and the exam in the above-mentioned scope.
  • Business Continuity Management

    Could you please help me with Business Impact Analysis for Business Continuity Management, Annex A.17 in ISMS. As per ISMS requirements we have updated the Business Continuity and Disaster Plan as below: the planned alternate site is 10 kilometers away from the primary site. There is no server hardware and internet service available at the moment. Critical Business Processes (based on Business Impact Analysis) mention a Recovery Time Objective of 24 hours for internet service. I would like to understand how to define this. How to arrive at those hours?
  • Amendments to ISO 27001 Toolkit

    Happy to announce my success in passing the ISO 27001 Lead Auditor Exam. Now that I have had time to revert back to the creation of the 27001 Tool, I realise that the changes referred to in the 2022 versions of both 27001 and 27002 may impact documents such as the SoA, applicable controls, etc. Please be so kind as to advise whether the Tool will be upgraded to align with the changes, and if so what the financial implications are to me, so that I may be assured my Tool is current.
  • Business Continuity Policy

    I purchased the Business Continuity Policy [ISO 22301] hoping it is going to help me move faster in BC Policy writing. But when I read your BC Policy template’s content, it is totally different than what is required by ISO 22301 and far away from the recommendations of BCI experts. Why does your BC Policy template not stick to ISO 22301 and BCI recommendations? Because I am a bit lost with your BC policy template, as I am missing the policy statement, definitions, compliance, consequences for Non-Compliance…. Your BC policy template is nuclear.