ISO 27001 & 22301 - Expert Advice Community


  • ISO 27001 implementation

    I would like to consult you about the implementation activities of the ISMS based on ISO 27001:
    1. I have outlined how to start from 4 pillars: Security policies (we have them, but they need to be improved), Risk Analysis (we have one that we work on with the Technological Risk Analysis team), Security Structure (we work with 2 sections, one for operational security in the IT area and another in Risk), and a Strategic Plan that today is based on continuous improvement of what we have and on the implementation of the ISMS.
    2. From the information I have on the work carried out, I identify 5 critical processes (based on the BIA) and I want to start with the most critical one to proceed with the implementation of the ISMS.
    Based on this, I would like to ask you what the best way to start would be: with what reference documentation? Meet directly with the area that owns the process and present what we need so that they can provide support in staff and time when necessary?
    Since this would be my first implementation and I am alone in this effort, I ask for your recommendation.
  • Enforcing ISO 27001 in satellite offices

    If a business (head office is in xxxxx) has satellite offices/consultants around the world, how do you manage/enforce ISO 27001?
  • Management decisions

    I do believe that ISO 27001 is really helpful, but I have my doubts, because in a small company where the decisions are made by the owner, even though the company has to follow through the processes and controls, if the manager just wants something faster than usual and the business is not in any danger at all, he can make the decision to break the process or the control. So how can a small company overcome this?
  • Statements for systems development

    Do you have full written statements around "Securing the Development Environment" and "Secure Engineering Principles" that we can copy?
  • Function separation Matrix

    I'm searching for an Excel template for creating an SoD/function separation matrix. Do you have something like that?
  • Statement of compliance

    My previous employer, whom I still support because they are a subsidiary of my current employer (xxxx), has asked me to help them to find and use or to draft an Executive Attestation Statement that they can provide to one of their major clients that will suffice for now to indicate that the company’s (xxxx) IT security policies and standards comply with ISO-27000 standards. They have not had a recent independent audit (such as an xxxx) or an ISO-27000 audit certification. The last xxxx audit they had was done in 2013.
  • Risk assessment flowchart

    I received your free sample of a RA flow chart showing how to risk assess a laptop. Do you sell other assets flow charted out like the laptop example? If so, what other assets are modelled?
  • IT audit

    1. How can we carry out the IT Audit of a company?
  • Datacenter audit

    I am subscribed to your learning platform and would like to know if there are links or reference documents for things to look out for when auditing or reviewing the appropriateness of a data center.
  • Risk assessment questionnaire

    Is there a questionnaire that I could give to each asset owner to answer, with which I would be able to gather all the necessary information to do a proper risk assessment? Is that plausible? Because if I did an interview I would ask the owner to explain his business process and look at all the aspects where an attacker could attack, but what if it was an Excel sheet or an email questionnaire? Can that be done? Do you have any questionnaire examples?