ISO 27001 & 22301 - Expert Advice Community

  • ISO Lead Auditor certification/recertification

    I was asked today if ISO Lead Auditors must be recertified annually.  I do not recall that requirement from the Lead Auditor training/certification nor can I find anything online that would indicate recertification is necessary.  However, HITRUST CSF Practitioner does require recertification and refresher courses, so it would seem reasonable that BSI or Exemplar would also require recertification/refresher courses.

  • External and environmental threats

    How to protect against external and environmental threats according to ISO 27001, and what are the steps that I need to consider? A.11.1.4

  • Annex controls in SOA

    I am a little confused about the SOA document. This document is supposed to directly reference the Annex A controls; in the SOA it says

    https://www.screencast.com/t/hx3EjFzq

    There is no a.5.1.1 in the Annex A controls I have. Also, 6.1 in the SOA talks about Information security roles and responsibilities. Where did that come from in Annex A controls?  I just have BYOD and mobile device policies.

  • Physical access audit records

    I want to know what are the records that need to be collected for physical access audit?

  • Key Universal Principles of Segregation of Duties

    Kindly provide me with the key universal principles of segregation of duties with their explanations.

  • ISO 27001 Internal Auditor or Lead Auditor

    I want to know if ISO 27001 internal auditor is better for me or lead auditor. I have already completed 200+ remote audits. Just want a certification to support.

  • ISO 27001 Lead Implementer Course

    I attended the ISO 27001 Lead Implementer video training course and I want to know whether the training contents were designed by Advisera or by standards bodies such as BSI or PECB. I noted that the whole course explains a project management approach for implementing the standard more than a security-related project. My question for the instructor: will this training help me to pass the BSI or PECB ISO 27001 Lead Implementer exam, or is it designed only for Advisera?

  • Review ISMS document

    I am reviewing the existing ISMS scope document; this document was last reviewed in October 2018. What should I review and analyze for this document? Please let me know which area I have to review.

  • Implementation of ISO 27001 controls

    Hello, I have been a risk analyst for 3 years and I have been carrying out a gap analysis of the 114 controls of ISO 27001. As a result I now have a global percentage that does not tell me where I should start implementing controls. I should point out that this is not for certification but as a risk management process. I would like to know if some controls are more important than others. You may tell me that it depends on which ones apply to the company, but they all apply. The review was done at a detailed level and I have a compliance percentage per control. I would start with the ones that scored lowest in percentage, but I want to know if there is an order of relevance in this case, or whether you can tell me something based on good practices. I appreciate your help in advance.

  • ISMS measurements

    How to establish the ISMS measurements?