Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
ISO 27000: IT technical consultant
Do I need to be an IT technical savy to be ISO 27000 consultant? I'm a BCS professional but into ISO consultancy services. Please advise to become one
-
Implementation of ISO 27001 Guidelines
How can I make a guideline to make a timeline for the implementation of ISO 27001
-
Risk register
Just a quick question, is it right that a client could ask to see a risk register of a company. Also all Vulnerability let's say a Vulnerability scan found certain ports open within a company then the owner enters this into the risk register this could then be seen and passed onto a potential client. So gist of my question is should we enter all Vulnerability found from a scan into risk register knowing that a potential client could request this.
-
Risk assessment reference
1. There is a question that the external auditor of ISO 27001 asked me, what is the reference or basis used for the risk assessment methodology that you have in your table? See point 3 of the attached document.
2. Another question, do you know where I can buy the ISO 27001: 2013 standard in Spanish?
-
ISO 27001 certificate
I just started working for a fintech company and they are aiming at getting the iso27001 certificate. I have the two part question, how can I conduct the iso27001 gap analysis and what are the minimum requirements to achieve the iso27001 certificate? -
Change profile from incident management to security compliance domain
I would like to take advice from you regarding my plans to change my current profile i.e., from IT Incident management and to move completely to IT Security Management which involves audits and risk assessment. I don't have any technical background and knowledge in security except having only 7 years of work experience into service desk/service management. I work in India. Currently, I am working with *** from 3.5 years in Incident management which at times involves a few security based incidents that's it. Challenge is that I want to internally move into *** into security management domain but do not have any previous experience, so what's shall I do to get a suitable role of IT Auditor in security management within organization (***) and if not within organization than at least in a different but my first preference will be to move within the organization.
I am going through a big dilemma as to which certification shall I pursue either ISO 27001 Lead Auditor OR CISA OR CISSP because all the three are very costly.Will look forward to your suggestions and advise.
-
Implementation of applicable controls
Hi Advisera Team!
For controls that are applicable for us based on risk assessment, do we need to implement them as stated in ISO 27002, or can we interpret them ourselves? When it should be strict according to ISO 27002, then do we have to implement everything what stays there with the word "shall"?
Thank you for your help!
-
Control A.14.3.1
I want to ask you other questions:
1) I understand that the CISO performs internal audits in a company, but who should audit the CISO?
2) Our company is dedicated to selling ERP in SaaS mode (software as a service), how should control A.14.3.1 (Protection of test data) be implemented? ... it is necessary to obfuscate the information of customers who are in the database?
-
Classification of digital information
I am a journalist and communication specialist. I have experience in media and also in the area of communication advisory in public agencies. I would like to know what is the best way to classify the information, from the communicational point of view, in the advisors of the prefectures with the new mandates?
-
Classificação da informação digital
Sou jornalista e especialista em comunicação. Tenho experiência em mídias e, também, na área de assessoria de comunicação em órgãos públicos. Gostaria de saber qual a melhor forma de classificar as informações, do ponto de vista comunicacional, nas assessorias das prefeituras com os novos mandatos?