Guest
1. How does one put in the risk/control of the asset?
I have read your website on implementing an ISMS for ISO 27001.
First I have classified my assets, labelled them, and checked the risk of each.
Now how will this relate to the ISO controls?
What I don't understand is that the ISO has annexes, controls and some questions (or advice).
Because... let me take an example of an annex.
Ok, let's say employees are also an asset. So taking annex 7.2.2
"Information security awareness, education and training"
Objective
All employees of the organization and, where relevant, contractors shall receive appropriate awareness education and training and regular updates in organizational policies and procedures, as relevant for their job function.
Does this mean one just has to educate the workers and partners on policies and then he is compliant with this annex?
2. I watched one of your videos about ISO 27001, where the speaker gave a simple method of a risk assessment table. So what impact does that table have on the ISO requirement?
3. Assuming I have 10 assets but 3 have a risk and 7 are okay.... which controls of ISO 27001 is this related to?
Good morning, I am bringing my company into compliance with the LGPD, but the LGPD brings in ISO 27001 and I have doubts about where to start and what information I need to collect.
Can you record nonconformities and corrections in the same document that you are using to capture risks? Example is that we have a risk register spreadsheet which covers all requirements and would like to only have one document capturing all of this if it is allowed.
We're looking to start the journey towards ISO27001, but we're not sure where to start. As far as I'm aware we need a Gap Analysis to identify the scope of the project, is this something you could assist with?
What is some of the evidence you can show to demonstrate the practice of information security in project management?
Are there any specific roles and responsibilities that should be defined that are specific to an ISMS?
I was wondering if you had any specific tips on filling out the legal, regulatory, and contractual requirements as part of the Appendix? Would you recommend talking to each country’s office and each department as to which rules they have or merely searching online to see what there is?
1. Please correct me if my process is wrong. I have identified one risk title and risk level (High) after doing a risk assessment on one application; then this risk is treated by risk acceptance by the risk owner for the acceptance period. Thus the risk level after this treatment I keep at the same level (High), with status closed for the acceptance period, and then it will be opened again after the acceptance period is over.
2. Could the risk level of the same risk title be different after doing a risk assessment on different applications?
I appreciate your kind comment and support.