ISO 27001 & 22301 - Expert Advice Community


  • Risk Assessment - change

    Hi dear Team,

    When we made the Risk Assessment initially, a couple of months ago, we had some servers in one of the locations which had high risk levels. Now we've moved them to the cloud and don't have those risks anymore. Should we now perform the Risk Assessment again? If yes, should the previous version be saved as well?

    Thank you!

  • ISO 27001 course and materials related to 2017 revision

    Hello, I want to do the ISO 27001 course, but I see that the one taught is not the current one for 2017. Do you think that you will update it in a short time? The (2013) standard is certainly in force, but it would be nice if you indicated the variations with the 2017 standard in the course. Thanks again.

  • GDPR compliance

    How much time is required, if you are a startup company with no governance structure, to achieve GDPR compliance?

  • ISO 27000: IT technical consultant

    Do I need to be IT technical savvy to be an ISO 27000 consultant? I'm a BCS professional but into ISO consultancy services. Please advise on how to become one.

  • Implementation of ISO 27001 Guidelines

    How can I make a guideline to make a timeline for the implementation of ISO 27001?

  • Risk register

    Just a quick question: is it right that a client could ask to see a risk register of a company? Also, regarding vulnerabilities: let's say a vulnerability scan found certain ports open within a company, then the owner enters this into the risk register; this could then be seen and passed on to a potential client. So the gist of my question is: should we enter all vulnerabilities found from a scan into the risk register, knowing that a potential client could request this?

  • Risk assessment reference

    1. There is a question that the external auditor of ISO 27001 asked me: what is the reference or basis used for the risk assessment methodology that you have in your table? See point 3 of the attached document.

    2. Another question: do you know where I can buy the ISO 27001:2013 standard in Spanish?

  • ISO 27001 certificate

    I just started working for a fintech company and they are aiming at getting the ISO 27001 certificate. I have a two-part question: how can I conduct the ISO 27001 gap analysis, and what are the minimum requirements to achieve the ISO 27001 certificate?

  • Change profile from incident management to security compliance domain

    I would like to take advice from you regarding my plans to change my current profile, i.e., from IT Incident Management, and to move completely to IT Security Management, which involves audits and risk assessment. I don't have any technical background or knowledge in security, except having only 7 years of work experience in service desk/service management. I work in India. Currently, I have been working with *** for 3.5 years in Incident Management, which at times involves a few security-based incidents, that's it. The challenge is that I want to move internally within *** into the security management domain but do not have any previous experience, so what shall I do to get a suitable role of IT Auditor in security management within the organization (***), and if not within the organization then at least in a different one, but my first preference will be to move within the organization.

    I am going through a big dilemma as to which certification I should pursue: ISO 27001 Lead Auditor, CISA or CISSP, because all three are very costly.

    Will look forward to your suggestions and advice.

  • Implementation of applicable controls

    Hi Advisera Team!

    For controls that are applicable to us based on the risk assessment, do we need to implement them as stated in ISO 27002, or can we interpret them ourselves? If it should be strict according to ISO 27002, then do we have to implement everything that is stated there with the word "shall"?

    Thank you for your help!