ISO 27001 & 22301 - Expert Advice Community

  • Risk assessment for ISMS and BCMS

    I am ISMS at XXX and really want to express my appreciation for Advisera services. I really like the ISO27k related books and articles. My colleague, XXX, is the DRP Manager at XXX; he has also acquired your book on business continuity. We both are using the methodologies you are suggesting, but we do not meet in the middle for some reason, and I assume the following: the RA methodology and the RA Matrix have two axes from 1-5 (we use the formula IxL=R), but the BIA Matrix has the axes from 1-4, and I assume that is the problem. Can you please advise?
  • Residual risk

    I'm working on Anti-malware Policy. Our company has subcontractors and employees in different countries.
  • Toolkit content - BYOD policy

    I have questions about the "Bring_Your_Own_Device_BYOD_Richtlinie_DE", Part 3.2.
  • ISO 27001 certification

    We're thinking about ISO 27001 certification and I have the following question: we have a headquarters (legal entity) in the USA, but all the tech team is located in Moscow, Russia. How does the certification go in this case? Where should we perform it, in the USA or in Russia?
  • ISO 27001 and ISO 27018

    I would like to find out if the ISO 27001 ANNEX A is also used for ISO 27018?
  • List of legal requirements

    Just finished the first 3-day audit for ISO 27001 and it went quite well :-). I have, however, to fill in a list of legal requirements. This is what I get from https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/:
  • Documentation content

    1. IT Security Policy: The following two lines are not (technically) implemented, is it obligatory to implement these in case Mobile Device & Teleworking is applicable?
  • Becoming a lead auditor

    What are the criteria for being a Lead Auditor?
  • Access control and working in secure areas

    I'm having trouble deciding what information should be included in A.9.1 Access control policy and which in A.11.1 Policy for working in secure areas. A.9.1 refers to rules for access to various systems, equipment, facilities and information, based on business and security requirements for access. A.11.1 refers to the definition of basic rules of behavior in the secure areas. So, the second one obviously refers to physical areas, while the first one is more general. I find it kind of confusing.
  • Elaborating a security policy

    I know that information security objectives are not the same exact thing as information security policies. However, I find that the essential elements that I wish to capture in a simple policy statement can be crafted from the objectives in Annex A.