ISO 27001 & 22301 - Expert Advice Community

  • Managing time on security self-development

    How does an IT professional manage his time well? I enjoy keeping up with all the latest threats/news, but if I do too much of this, then I can't focus on my studying of SCCP or other more important topics that help build my core technical skills. I have other eBooks that I read from my phone: one relating to networking, another on Cloud Security, another on Windows AD, another on WireShark Network Analysis, plus my 9-6 IT Support day job. There must be some way to balance all these so as not to over-develop in one area & neglect the other?
  • Writing procedures

    Who is responsible for writing procedures in an ISMS project? The ISO implementer or the IT staff?
  • Defining scope

    My question concerns a small company that sells an IT solution to big industrial companies. Some of the prospects are beginning to ask about Information Security Policies and Procedures, but the company needs to avoid an overkill project while at the same time making its big customers feel that their investment is safe. The project has to address the fact that the customers need to protect their investment in the projects we sell. I am at a loss as to what to do...
  • Training provider

    1. If I do my exam with IGC, instead of IRCA or PECB which are more expensive, how will this impact me in the long term?
  • Information classification policy

    I am developing the Information classification policy for the company and would like to know if it is obligatory to define the steps and responsibilities?
  • Implementation challenges

    1 - Would you a roll out process and/or baseline to serve as references?
  • 8.3 Information security risk treatment

    Hello, for this clause of the standard, is there any format that must be followed to document the implementation of the risk treatment plan? If the risk treatment plan identifies a project to mitigate a series of risks, could the security committee later decide to accept the risk and not implement that project? Or would that be a nonconformity, since the accepted risk or "risk appetite" obliges us to treat that risk with the project identified in the treatment plan?
  • Main documents for certification

    I wanted to find out what sort of challenges your clients face with auditors or Certification Bodies when they use your documentation toolkit. Also, are there any specific areas or even documentation we need to give extra attention from your toolkit as we prepare for certification?
  • Risk treatment implementation

    Now we have reached the planning for risk treatment for ISO 27001. In our Statement of Applicability we excluded only one of the controls in Annex A due to non-applicability. The remaining controls are required; some of them are already implemented and most of them are not implemented yet. We shall include the planning for the implementation in the risk treatment plan, but this will mean implementing the control at a future date.
  • Top management and information security

    Having completed the ISO 27001 Foundations course I would appreciate receiving your explanation regarding Clause 5 – Leadership.