ISO 27001 & 22301 - Expert Advice Community

  • Minimum roles for ISO 27001 certification

    What roles should I have at least in my company to be able to make a satisfactory certification? This company is small, only 10 employees.
  • BIA input for risk assessment

    While going through the CISM manual I came across asset valuation as one of the basic steps for risk assessment. It's stated that for valuation BIA is sometimes selected as one of the methods, because it can derive the impact on the business. So can we then consider BIA as an input to risk assessment? Kindly suggest.
  • Consolidating policies

    I have consolidated these documents, “ISMS policy – IT Security policy – Access Control policy – Secure Development policy”, into one document. Is that right?
  • GRC and ISO 27001

    I came across your blogs in 2018 while I was thinking of taking ISO certification, as I am currently working on ITGC controls. I need some guidance from you with regard to this. I have 4 years of experience in ITGC controls. Currently I am giving interviews for the GRC domain. I want to enhance my skills in this area, but what I have worked on is a very small part of GRC. Could you please guide me on how to prepare for the interviews and which skills it is necessary to be accurate in? And is it necessary to have hands-on experience in whatever the interviewer asks?
  • Non-Conformance vs Opportunity for Improvement

    Struggling a little bit with Non-Conformance vs Opportunity for Improvement, or Continuous Improvement. Do you have any examples of ISO 27001 nonconformance vs continuous improvement? If something not meeting a requirement of ISO 27001 is taken up as a continuous improvement action, will that suffice?
  • Support on NIST SP 800-171

    I recently gained interest in compliance, especially in ISO 27001 and NIST 800. I am already enrolled in the ISO 27001 Foundation course and it's really helpful. I have also started studying the NIST 800 standards, especially NIST 800-171, but I didn't find enough material and guidance about it. I have some queries: can you tell me how I can start learning about it? Are there any links you can share, or any person you can recommend to me whom I can ask about it, and anything you can tell me about its impact?
  • Certification bodies

    I want to know the list of the authenticated bodies for ISO 27001 Certification (such as TUV). Can you help me? Do you have a link or a list for them?
  • Implementation alternatives

    Which do you think is better: continuing with the ongoing steps and phases of leading the company to ISO 9001:2015 certification, or starting with the steps of implementing ISO 27001 while we have a very difficult job dealing with the ISO 9001:2015 implementation?
  • Risk management frameworks

    1. Suppose that I had an IT risk framework following COBIT requirements, but my company wants to get ISO 27001:2013 certified. Do I need to write another IT risk framework following ISO requirements to get certified?
  • Questions to top management

    I need a list of the types of questions the chief executive officer (CEO), chief information security officer (CISO), chief information officer (CIO), or chief technology officer (CTO) of an organization needs to answer about the security technology you are using (or need to invest in), and how it is postured to best mitigate risk from cyberthreats.