-
Cyber Awareness Training
Thank you. My training is going well. I'm so busy and can't take the training every day. The main thing is implementation.
1 - How do I start? What has to be done first?
2 - How do I start auditing the company on information security?
-
ISO 22301 Toolkit - BIA questionnaire questions
Currently, I have several questions regarding the business impact analysis questionnaire. Let me ask you below.
1. Should each process (activity) fill in part 2 of the worksheet? Or maybe only those that were rated 3 or higher on the scale in the course of the analysis, and also those activities indicated as necessary for their functioning?
2. With reference to qualitative estimation: in your opinion, is it good practice to define the scale of financial losses as described below for general estimation (point no. 3 of the questionnaire)? Do you often use such a solution?
1 - less than 1% of monthly revenues
2 - 1-10% of monthly revenues
3 - 10-30% of monthly revenues
4 - over 30% of monthly revenues
3. If I add revenue ranges in point no. 3 of the questionnaire, should I do this also in point no. 10?
4. If I have 2 locations in my company that perform the same processes, but separately - independently - should I analyze them separately or collectively? How about averaging the data in one questionnaire?
-
Standard Operating Procedures in ISO 27001
Which document in ISO 27001 matches a company's Standard Operating Procedures?
-
CONFORMIO - Assets management
Please be so kind as to clarify: given that risk assessment in Conformio can be conducted based on groups of assets, how can we assess each individual asset in Conformio? The same issue also applies to threats, vulnerabilities, likelihood, etc.
Thank you in advance for the reply.
-
Risk Consultation
Can I include information security objectives within the risk treatment plan? How should I include the information security objectives in the asset list and then assess the risks and treat them?
-
Conformio and ISMS
Sorry to bother you so much. I've implemented the 9K, 14K and 18K a few times already, but it's the first time on 27K.
So I've got another question for you.
I'm trying to achieve the 27001, 27017 and 27018 at the same time, which are the main ones for any SaaS company.
So for instance, the Information Security Policy is mandatory for all of them; however, when I open the doc we have in the platform, it seems not to cover 27017 and 27018.
So my question is, should I request those specific docs straight from you, if you guys have them as well?
There aren't many docs but they are important for the ISMS compliance.
Thanks one more time for your amazing help/work.
-
Risk treatment plan
Hello, I have a question. If the risk treatment plan is considered an "action plan", can the information security objectives be included in the plan?
-
How should I proceed with a report?
How should I proceed with a report?
-
Internal auditor qualification
What is your suggestion as to what qualification an internal auditor should have as part of the implementation? Is ISO 27001 Lead Auditor sufficient?
-
Conformio documentation access
I'd like to check a few docs with you that I need but couldn't find. Please find the list below.
- Policy on the use of encryption
- Operating procedures for IT management
- Secure system engineering principles
- Business continuity procedure
- Cloud Security policy
- Policy for data privacy in the cloud
- Statement of acceptance of ISMS document
I got this list from a doc of yours called "List_of_documents_ISO_27001_ISO_27017_ISO_27018_Cloud-EN.pdf"; most of them are mandatory for the ISMS under 27001, and a couple of them for 27017/27018. All the other docs I needed I was able to find in the platform.
If you can help me with that, it would be great.