With regards to the ISO 27001, domain 10 talks about performing a risk assessment to ascertain the appropriate level of cryptographic protection. I want to know how I can perform this risk assessment.
Is ISO 27002 mandatory?
Does an ISO 27001 certification REQUIRE that you select your controls from ISO 27002, or is this just one of the options? As I see it, the goal of ISO 27001 is to ensure that you select and implement the controls that are needed based on the risks of the assets you want to protect. Period. From which control framework these controls originate (ISO 27002, NIST, BSI, Cobit, etc.) should not matter. So, an ISO 27001 auditor should not force me to use ISO 27002. Is that correct? I've asked two ISO 27001 Lead Auditors, and got two contradicting answers. What do you think? Is there any clear guidance in the ISO standards (which?) that clarifies this issue?
Information security management policy vs information security policy
Is the Information security management system policy the same thing as the information security policy?
Risk likelihood
If an incident has already occurred and is added to the risk register, what do we set the level of likelihood to? Do we calculate the likelihood of the impact of the risk re-occurring or set it to having a high likelihood as it's already occurred?
Approach for the document management
I believe that we have to use the following approach to develop this BCM document.
Interfaces and dependencies
Can you explain and give examples of the requirement in ISO 27001 standard, 4.3 (c) interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations?
ISO 27001 Lead Auditor course content
Does the ISO 27001 Lead Auditor course include cybersecurity topics?
Managing time on security self-development
How does an IT professional manage his time well? I enjoy keeping up with all the latest threats/news, but then if I do too much of this, then I can't focus on my studying of SCCP or other more important topics that help build my core technical skills. I have other eBooks that I read from my phone; 1 relating to networking, another on Cloud Security, another on Windows AD, another on WireShark Network Analysis, plus my 9-6 IT Support day-job. There must be some way to balance all these so as not to over-develop in one area & neglect the other?
Writing procedures
Who is responsible for writing procedures in an ISMS project: the ISO implementer or the IT staff?
Defining scope
My question concerns a small company that sells an IT solution to big industrial companies. Some of the prospects are beginning to ask about Information Security Policies and Procedures, but the company needs to avoid an overkill project while at the same time making its big customers feel that their investment is safe. The project has to address the fact that the customers need to protect their investment in the projects we sell. I am at a loss at what to do...