ISO 27001 & 22301 - Expert Advice Community


  • ISO 27001 certificate

    I just started working for a fintech company and they are aiming at getting the ISO 27001 certificate. I have a two-part question: how can I conduct the ISO 27001 gap analysis, and what are the minimum requirements to achieve the ISO 27001 certificate?
  • Change profile from incident management to security compliance domain

    I would like to take advice from you regarding my plans to change my current profile, i.e., from IT Incident Management, and to move completely to IT Security Management, which involves audits and risk assessment. I don't have any technical background or knowledge in security, except having only 7 years of work experience in service desk/service management. I work in India. Currently, I have been working with *** for 3.5 years in Incident Management, which at times involves a few security-based incidents, that's it. The challenge is that I want to move internally within *** into the security management domain but do not have any previous experience, so what shall I do to get a suitable role as IT Auditor in security management within the organization (***), and if not within the organization then at least in a different one, but my first preference will be to move within the organization.

    I am going through a big dilemma as to which certification I should pursue: ISO 27001 Lead Auditor, CISA or CISSP, because all three are very costly.

    Will look forward to your suggestions and advice.

  • Implementation of applicable controls

    Hi Advisera Team!

    For controls that are applicable to us based on the risk assessment, do we need to implement them as stated in ISO 27002, or can we interpret them ourselves? If it should be strict according to ISO 27002, do we then have to implement everything that is stated there with the word "shall"?

    Thank you for your help!


  • Control A.14.3.1

    I want to ask you other questions:

    1) I understand that the CISO performs internal audits in a company, but who should audit the CISO?

    2) Our company is dedicated to selling ERP in SaaS mode (software as a service); how should control A.14.3.1 (Protection of test data) be implemented? ... Is it necessary to obfuscate the information of customers who are in the database?

  • Classification of digital information

    I am a journalist and communication specialist. I have experience in media and also in the area of communication advisory in public agencies. I would like to know what is the best way to classify information, from the communication point of view, in the advisory offices of the municipalities with the new mandates?

  • Classification of digital information

    I am a journalist and a communication specialist. I have experience in media and also in the area of communication advisory in public agencies. I would like to know what is the best way to classify information, from the communication point of view, in the advisory offices of the municipalities with the new mandates?

  • Specific legal requirement/protection by implementing ISO 27001

    What is the specific legal requirement/protection we'd have by implementing ISO 27001?

  • Mandatory controls for SoA

    Hi. I've recently bought your template pack for ISO 27001. I was told I could just send you a message if a question popped up. Right now I'm about to do the SoA, but is there anywhere I can find the full list of all 114 controls? And can I somehow see/know which of them are mandatory to implement?

  • Differences between ISO 27001 and SOC 2

    What are the main differences between ISO 27001 and the American certification SOC 2?

  • Conducting implementation/audit using ISO 27001 and ISO 27701 simultaneously

    How does one conduct an implementation / an audit using ISO 27001 and ISO 27701 simultaneously?