How/where must I describe risks on the risk assessment spreadsheet?
BCMS implementation
Good day, I am busy with an internal organizational project to implement a proper BCMS but am in need of industry experts to assist. Thus, I am doing a BID specification document, but since this is my first time dealing with such a project, I am not sure how to allocate time to activities for a project that could stretch over a 2-year period. I will need an expert BCM Programme Manager, a BCM Expert Implementer and an ICT DR Expert Implementer, and I need to ensure their time is allocated according to the activities of such a project.
Change management
I'm a fresh graduate who just got hired onto the information security team in the IT deanship of the university I graduated from. Part of our job is to manage changes in our environment. The environment is relatively small and still growing: the IT deanship has approximately 40 employees, and we run different services on about 200 servers. As a small security team with limited experience, how can we start managing changes in an effective way? In our case, what is considered a change? For example, updating the OS of a server? Blocking a firewall port? Editing or deleting a database record? Is there a general rule we can follow?
ISO career
I have been working in IT support for the last 10 years, and during that time I have had 5 years' experience with ISO 27001 and ISO 9001 implementation. Now I have decided to switch my career entirely to ISO standards, so I am studying ISO 27001. Please suggest whether it is good to go ahead with this or whether I should continue in IT support.
SoA update
Hi, should we update the statuses in the SoA on an ongoing basis, or is this done annually?
Security objectives for IT Helpdesk function
As per my understanding, the IT Helpdesk function deals more with quality than with information security. So, if it is added to the scope of ISO 27001 certification, what kind of security objectives can we define and measure for the IT Helpdesk function? Could you please help?
Documentation content
I am working through the Statement of Applicability and have found that the control objectives listed in the Statement of Applicability do NOT align with those found in the PDF "ISO 27001 Controls and Objectives".
In the Statement of Applicability it shows the control for A.6.1.2 as Segregation of duties, but when I go to the PDF for the 27001 Controls and Objectives it shows A.6.1.2 as Information security coordination.
Based on the response, can you please provide the 2013 Annex A list of controls and objectives, as the one I have is from 2005 and does not align with the Statement of Applicability in the toolkit.
Asset inventory and Organizational context
1. What should we document for people assets, and how is risk treatment done for them?
Secure development KPIs
Thank you for all your advice. I was wondering if you can share some thoughts on KPIs to measure compliance with a secure development policy: practical tips only, please, and any reports you can think of that Infosec can ask for. The scenario is agile/DevOps.
ISO 27005 study material
I am currently pursuing ISO 27001 Foundations from Advisera. However, before going ahead with an Auditor/Implementer course, I am interested in understanding the ISO 27005 standard. Will it be the right move? Also, I can't seem to find an ISO 27005 course on Advisera; can you help me point to some reference for study?