ISO 27001 & 22301 - Expert Advice Community


  • Employee private devices

    Should we include the (private) devices (mobile phones) of our employees in the asset register? In the scope document we have stated that all assets in the asset register are within the scope. The employees access e-mails via the Outlook app and therefore have company information on their devices. Is there any upside or downside to adding the mobile devices? It would be around 20 devices.
  • Career on information security

    I can't find any medium or big companies dealing with ISMS, so how can I start my career in ISMS?
  • Media and assets

    I'm just an information security management student, and I have a question about ISO 27001. Sometimes ISO 27001 talks about media and sometimes about assets, like the disposal of media and the removal of assets. What is the difference between "media" and "assets"?
  • Risk management

    A risk consultant whom I support with IT security matters (a subject in which I am his client) has asked me to contribute material for inclusion in his syllabus on RISK MANAGEMENT IN THE DIGITAL AGE. I would appreciate any information you can share.
  • ISO 27001 and ISO 9001

    Can ISO 27001 be integrated with ISO 9001?
  • Risk review

    We have been ISO 27001 certified for 4 years now. We had generally the same risks each year and the existing controls are sufficient in mitigating them. At this point, we're really struggling to identify new risks to mitigate and apply a risk treatment to each year. In your experience, is it possible to get by with just "existing controls are sufficient in mitigating this risk" for all risks that need mitigating? Or is it an absolute must to show a current risk treatment plan each year?
  • Access control policy

    Where is my question: Access Control Policy
  • Mandatory clauses

    I have read your books that I purchased on:
  • Certification holder

    Hi, I have a client who is seeking to be certified. However, the business is part of a larger company network. They desire to have the larger company be on the certificate, when they seek certification. Could you advise what the issues are in relation to this? They will still define the scope based on the actual assets impacted. It is just that the certificate would be issued to the holding company?
  • Major and minor nonconformities

    I would like to know whether the definition of major and minor nonconformity presented in the article below is based on any normative reference? https://advisera.com/27001academy/pt-br/blog/2014/06/04/nao-conformidades-maiores-vs-menores-na-auditoria-de-certificacao/