I have a problem with a high number of information security incidents. I work in a public organization employing more than 800 people. Every day some phishing emails are delivered to their mailboxes, and some of our employees report such events to me. However, I have some doubts concerning the correct identification of these events. I am not sure whether my interpretation complies with ISO 27001. I treat all these phishing emails as information security incidents with low priority, even if the particular employees do not open the attachments or links in these emails or respond to their senders (no malware infection or loss of confidential data). I do it this way since I believe that the fact that a phishing email was successfully delivered and not blocked by anti-spam filters poses a serious risk of data breach or malware infection, due to the poor information security awareness shown by our employees. The problem is that I have 3-4 incidents per day.
Template content
I have a question about the report on risk assessment and risk treatment.
ISO 22301 audit
Thanks for your advice, but I have a small problem: the implementation of ISO 27001/22301 is ongoing in my bank as of today; so, I have already passed my certification for ISO 27001 with the Digital Jewels certification body, but not yet for ISO 22301. I was designated in my company as ISO Auditor. It is now my responsibility to perform audits of both standards in my company, but I have not yet passed the certification for ISO 22301. So, I want to pass it again to be able to audit both standards. My question is, how can I obtain that certification again?
Information security on managed offices
I was wondering if you can help me out with a 27001 question. I have a client that is in a managed office and therefore does not own the door to their office, and employees of the managed office space access their office (to deliver post, to let contractors in out of hours to do work, cleaners, etc.). I don't believe they are allowed to put their own lock on the door, so how can this satisfy A.11, or does it need to be excluded from scope?
ISO 22301 clause 4.4
Please can you assist me with clause 4.4? How would I show evidence of this? Do you have an example? The auditor has asked for this with the following statement: "Validate the org have identified BCMS processes and their interactions."
Templates for software development
I am looking for templates/packs that would cover software development. We already have 27001, 17 and 18.
Questions about certification
1. Is it mandatory to implement Business Continuity Management to obtain ISO 27001?
Toolkit content and SoA
1. In section 3.6.2 (Relations with external parties) on page 6 of the attached Security Procedures for IT Department document, could you provide clarity on/explain what each of the bullet points below is driving at?
Rules for identification, collection and preservation of evidence
Where is my question (in which document): Rules for identification, collection and preservation of evidence (self-created);
Certification as a Lead Implementer and Lead Auditor
I'm currently working as the Senior Information Security Administrator for a XXXXX that will be undergoing its first ISO 27001 annual audit (initially certified last September) next month. For this reason the Internal Auditor Course has been invaluable, especially as I and my colleagues prepare for the audit, and I plan to take the exam and obtain the certification as soon as I complete the course.