ISO 27001 & 22301 - Expert Advice Community


  • Performing risk assessment

    I am trying to assist an IT Managed Services provider to implement a security framework within their organisation. Not to get ISO 27001 certified, but to give their clients comfort that they have addressed their security risks. I am looking for the process to follow in order to perform the risk assessment and then "map" their new processes to ISO 27001.
  • Auditor competences

    I know the internal audit must be performed by a qualified internal auditor. Would that have to be an ISO 27001 qualified auditor or would someone with an ISO 9001 Lead auditor qualification, if they built the ISMS, be sufficient?
  • Disciplinary process

    I hope you can provide me with some general comments. Do we need to include a breach of policy section in each of the ISMS policy documents? What if the breach of policy conditions are too strict? How do we tune them down (for example, if a staff member failed to report a breach he/she may be subject to dismissal; is that too strict?)
  • Template content

    Document: Guideline on the use of cryptographic measures
  • Performing risk assessment

    How do I conduct a risk assessment? I have populated a potential threat & vulnerability list. How do I populate consequence & likelihood? Please guide me with examples.
  • ISMS scope

    1. I found the scope document to be similar to the document I have; however, I struggle to understand section 3.4 Networks and IT Infrastructure. Do I only need to understand and document the existing IT environment and the infrastructure in place and in scope?
  • ISO 27001 courses

    I'm an IT consultant in xxx and I have an IT franchise here. I want to expand my knowledge of IT security. And I wonder if you could tell me a good EAD course on ISO 27001?
  • Risk assessment

    How/where must I describe risks on the risk assessment spreadsheet?
  • BCMS implementation

    Good day, I am busy with an internal organizational project to implement a proper BCMS but am in need of industry experts to assist. Thus, I am doing a bid specification document, but since this is my first time dealing with such a project, I am not sure how to allocate time to activities for a project that could stretch over a 2-year period. We will need an expert BCM Programme Manager, a BCM Expert Implementer and an ICT DR Expert Implementer, and need to ensure their time is allocated according to the activities of such a project.
  • Change management

    I'm a fresh graduate who just got hired in the information security team in the IT deanship of the university that I graduated from. Part of our job is to manage changes in our environment. The environment is relatively small and still growing: the IT deanship has approximately 40 employees, and we run different services on about 200 servers. As a small security team with limited experience, how can we start managing changes in an effective way? In our case, what is considered to be a change? For example, updating the OS of a server? Blocking a firewall port? Editing or deleting a database record? Is there a general rule that we can follow?