ISO 27001 & 22301 - Expert Advice Community

  • Risk assessment in ISO 22301

    How to do risk assessment in ISO 22301?
  • Should information security objectives be measurable?

    I have a question related to the Objectives (internal audit online course 27001). The course, but also the standard, does not clearly distinguish between the 2 types of objectives: general objectives to be included in the top-level IS Policy and department/task-based objectives. Therefore I have some doubts whether both types of objectives shall be measurable or not. The way I understood it so far (please correct me if wrong), if I am writing a task-specific objective it should look like this: "to reduce the total number of incidents by 20%, by the end of 2017". On the other hand, if I am including this objective in the top-level IS Policy it shall be: "To reduce the total number of incidents".
  • ISO 27001 for telecommunication industry

    I just wanted to know how I can use the ISO standards in the telecommunication industry, like ISO 27011?
  • Normal incident vs information security incident

    I want to discuss the ISO 27X definition of a security incident... how can I do that? But about the ISO definition of an "information security incident"... in day-to-day operation, it can be very difficult to distinguish between a "normal" incident and an information security incident. I cannot see how the ISO definition can help... it seems, at first, a bit vague... Taking it at face value, you can start classifying ALL incidents as security incidents... But the definition according to 27000 is: "An information security incident is made up of one or more unwanted or unexpected information security events that could possibly compromise the security of information and weaken or impair business operations."
  • Risk Assessment Methodology

    What is the basic risk assessment methodology used in ISO 27001? What is FEMA and FISMA? What are all the cases in which a special methodology of risk assessment is chosen? What are all the other methodologies which are being used? Kindly help, TIA.
  • Perform the asset register easily

    I have a question concerning the Risk assessment: I already have the Asset List and want to match the threats and vulnerabilities. I am using the lists that you have, but it's not easy to do that job. For example, for the asset "Laptop" I have 6 different combinations. My question is: how can I make my work easier and more effective? Does ISO 27001 require this level of detail? Any tips?
  • ISO for knowledge sharing

    Which ISO is applicable for knowledge sharing? I want to secure the knowledge sharing in my department. What ISO should I follow to secure knowledge dissemination? I just want a brief description and how it is important in securing knowledge dissemination.
  • Is Asset register required?

    Ma'am, find out if the asset register is required.
  • Delay in implementing the controls

    The company I work for got certification for ISO 27001 a while back, and as part of the implementation team, during our risk treatment we scheduled most of the controls to a future date to be implemented before the second audit, but the date has passed and the second audit is scheduled for November. I want to know the implications of this and any advice on how to deal with the controls.
  • How to treat suppliers that are ISO 27001 certified

    We have a data centre that manages our data and hosts our Office 365. The office we rent is in a shared building; they provide us with a channel which links us with our Data Centre. They are both ISO 27001 certified. Do I class them as suppliers in our ISO 27001? If I do, what information do I need from them, what documents do I need to produce, and do I need to audit them?