-
Risk Management and "Asset value" & Asset Criticality
In your booklet "Step-by-step explanation of ISO 27001/ISO 27005 risk management", you use a risk calculation where "asset value" is part of the formula. My questions are:
1) Does ISO 27001/27005 require the Risk Management process to use asset value as part of calculating the risk assessment level?
2) Does the standard require asset valuation as part of the Risk Management process? Or can it be seen as an input, rather than a direct output of the process? That is to say, asset value is important to me as Risk Manager, but I need that input from the organization. It is not my responsibility to produce it as part of the RM process.
3) What is the relationship between asset value and criticality assessment (like FIPS 199/200)? Again, I see asset criticality assessment as an input to RM, alas, not something that I am responsible for as part of the RM process.
4) Finally, have you written a solid book (like the one on 22301) that explains in detail how 27005 should be applied section by section?
-
Inquiry about Gap Analysis
I have been following your studies and materials about ISO 27001 implementation on your website. You stated on your website at https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/ that gap analysis is done only for Annex A controls and that one DOES NOT need to perform gap analysis for clauses of the main part of the standard. I believe you are referring to the mandatory management clauses from clause 4 to 10. (Please find attached screenshot.)

Now, my confusion is coming from the ISO 27001 Gap Analysis tool you provided on your website at https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/?icn=free-gap-analysis-tool-27001&ici=bottom-iso-27001-gap-analysis-tool-txt. In this Gap Analysis tool, you included the mandatory management clauses (i.e. clauses 4 to 10) as part of the Gap Analysis checklist, when you stated previously that gap analysis is not performed for the mandatory management clauses.
Can you please explain why?
-
Underscores in a file name
One point that wasn’t answered is regarding underscores in a file name.
In terms of best practice and your opinion, given that all the document templates in your toolkit have underscores, is this something you recommend? What is the reason for having underscores in the file name?
-
Update SoA
I'd like to update my SoA due to COVID-19, where 90% of users are working remotely.
Can you help with that?
-
Short way to get certified as ISO 27001 and 27002
I want to know the short way to get certified in ISO 27001 and 27002.
-
ISMS scope of a digital bank
Can I just choose an area to scope? For example, choose the database. I'm kind of lost.
-
Patch Management Policy and Vulnerability Management Policy
We are still in the process of obtaining ISO 27001 certification.
At the same time, we are receiving many, many questionnaires/assessments from customers and prospects. These will hopefully disappear after the certification.
In these questionnaires they require “Patch Management Policy” and “Vulnerability Management Policy”. Do you have a template for each?