ISO 27001 & 22301 - Expert Advice Community


  • Implementation support

    Thanks for your reply. I am actually looking for implementation support for the following controls of ISO 27017: CLD.6.3.1, CLD.8.1.5, CLD.9.5.1, CLD.9.5.2, CLD.12.4.5, CLD.13.1.4.
  • Access control policy and password policy

    If we decide to have an Access Control Policy and a Password Policy, which sections of Annex A of the ISO standard are relevant for each document (which reference controls out of Annex A)? I'm having a hard time getting the right controls into each document. Of course you put them in each policy, but sometimes I'm able to delete one control out of the policy if I decide to have a separate policy for a specific topic. Maybe some have to exist in both documents; maybe some are enough if they're just in one. Can you please list them quickly for me for each document?
  • Cyber attack security controls

    I would like to know which standard is responsible for identifying the cyber attack security controls and precaution measures: is it ISO 22301 or ISO 27001? In our organisation I manage the BCM department, which complies with ISO 22301, and our IT team maintains ISO 27001; however, their BCP has been developed by us in collaboration with them. The plan is generic and outlines the response to any major incident, such as loss of power, fire, cyber attack, etc. My new line manager is insisting that it is the BCM department's responsibility. I have a doubt and I need some advice.
  • Templates content for risk assessment and treatment

    In which package do I find a matrix of risk analysis, controls and residual risk? Is it this one: https://advisera.com/27001academy/documentation/risk-assessment-table/ ?
  • SoA classification level

    What level of confidentiality is normally chosen for the Statement of Applicability? Internal use? Restricted? I guess only these two are relevant?!
  • ISO 27001 and third party data risk

    I would like to know how ISO 27001 can be implemented to prevent third-party data risk.
  • Supplier evaluation

    I would like to know if there is any template for how to evaluate suppliers, and guidelines for that?
  • PCI QSA certification and ISO 27001 LA course

    Will this program (ISO 27001 LA course) satisfy the requirement for an auditor certification to pursue the PCI QSA certification?
  • ISO 27001 - Policy for permitted use / Policy for information transfer

    I have a question about chapter 4, "Management of records relating to this document" (inside the Policy for Permitted Use).
  • Policy users

    1 - Why are the users of the policy (Policy for information transfer) limited to organizational units for information and communication technology?