1. Do you know, if we certify in ISO 27017 and ISO 27018, how long the certification is for?
Residual risks
Hi, we defined a methodology in which we calculate inherent risk (impact and probability), then we assess controls by applying a policy (we assess design, frequency and other factors); this has an effect on inherent risk, leaving us with the "first" residual risk. If this "first" residual risk is over the risk appetite, we treat the risks. Here come the questions: ISO 27001 asks me to approve the residual risk (req. 6.1.3 f)), but I would have to assess them first to determine if they are over the risk appetite:
Conditions to pursue ISO 27001 certification
1. Can I obtain an ISO 27001 certification when my environment is not operational yet? I will have policies, procedures (that are not tested) and little evidence, as there will be no data to analyze.
Secure email usage
Hi, I am specifically looking for a policy template that covers secure email usage; can you help me?
Implementing ISO 27001 information security risk management
In my workplace, I'm currently implementing the ISO 27001 standard. Following are the steps I followed prior to developing the risk assessment plan. I just want to know whether my approach is correct or needs any improvements.
Internal audit planning
My company asked me to be our internal auditor and sent me to your site for training. They're creating an ISMS and hope to have their 1st external audit in September. One of the criteria for the External Audit is for the company to have had a Full System Internal Audit completed. I have finished viewing your ISO 27001 Internal Auditor training videos and I'm currently studying before I take your certification exam. The internal auditor training indicates that the company's ISMS documents need to be reviewed prior to developing the audit plan. My CISO advises me that not all of our company's ISMS documents are ready for the Full System Audit, but I'm expected to deliver an audit plan based only on the SOA and scope. I'm a little confused.
Residual risk
An auditor says we should not calculate residual risk before we implement the controls; is that right?
Legal requirements and security awareness
I bought the ISO 27001 some months ago and now I'm implementing the standard in one company called XXXX, in which I'm a partner and tech lead. We talked last week with Rhand Leal using the one-hour call included in the bundle.
ISO 27005 and ISO 27001
Our XYZ is in the process of implementing ISO 27001:2013. However, the XYZ has issued a directive saying that the information security risk management process should be done in accordance with ISO 27005:2011. So, my question is, compared to ISO 27001, what additionally do we need to implement or consider when adhering to ISO 27005:2011?
ISO 27001 and application security
Hello, good day. My question is the following: is ISO 27001 useful to me for proposing a security scheme for a mobile application... or which standard would you recommend for the security scheme (mobile app)?