ISO 27001 & 22301 - Expert Advice Community


  • Assets of IaaS

    I have a question regarding assets of IaaS: Our virtual infrastructure is hosted on MS Azure. MS Data Centers are ISO 27001 compliant. Do we have to assess the risks of the IaaS part keeping in mind that DCs are compliant? Is it possible to not include physical infrastructure (which belongs to Microsoft) into the asset list in order to reduce the number of risks (it's obvious that they will have an acceptable level)? And if it's necessary to assess the risks of those assets, what could be the applied controls – IaaS agreement with Microsoft, or anything else?
  • Risk assessment and BIA

    I need some assistance with the Risk assessment and the BIA. Here are my concerns/questions:
  • Toolkit content

    1. ISMS Scope Document, Processes and Services: If the only location which is included in the scope is the datacenter, can I leave the processes out of 6.1 and limit it to just services? No one is executing the processes (help desk application, server management system, customer relationship management tool) in the datacenter.
  • ISO 27001 Implementation

    I have a question about implementation of ISO 27001 at a bank. In our bank we want to implement ISO but we have a question about roles and responsibilities of the InfoSec department and the Risk Department. InfoSec is under the CISO but the Risk Department is under the CRO. Can you please help: what is the CRO's role in the implementation of ISO?
  • Risk assessment for ISMS and BCMS

    I am ISMS at XXX and really want to express my appreciation for Advisera services. I really like the ISO27k related books and articles. My colleague, XXX, is the DRP Manager at XXX; he has also acquired your book on business continuity. We both are using the methodologies you are suggesting but we do not meet in the middle for some reason and I assume the following: the RA methodology and the RA Matrix has two axes from 1-5 (we use the formula IxL=R), but the BIA Matrix has the axes from 1-4 and I assume that there is the problem. Can you please advise?
  • Residual risk

    I'm working on Anti-malware Policy. Our company has subcontractors and employees in different countries.
  • Toolkit content - BYOD policy

    I have questions about the "Bring_Your_Own_Device_BYOD_Richtlinie_DE", Part 3.2
  • ISO 27001 certification

    We're thinking about ISO 27001 certification and I have the following question: we have a headquarters (legal entity) in the USA, but all the tech team is located in Moscow, Russia. How does the certification go in this case? Where should we perform it? In the USA or in Russia?
  • ISO 27001 and ISO 27018

    I would like to find out if the ISO 27001 ANNEX A is also used for ISO 27018?