1- Hope all is well with you. We conduct an ISO audit as part of our internal audit plan. What happens if we have repeat minor nonconformity findings (two of them)?
Information security resources
I was dealing with information security topics in my previous work, a few years ago, and after that, my journey changed a bit and went to the other side.
Qualifications to perform ISMS internal audits
I want to understand the qualifications that are recommended to perform ISMS audits internally. I firmly believe that certification gives a person accreditation to perform such audits.
Patch management
I would like to know where patch management fits into ISO 27001. If, for example, a new critical security update was released by a vendor, or a vulnerability management system discovered a missing critical update on an asset, would I carry out a
1. Risk assessment against the asset to determine the risk, then do the treatment options and treatment plan
or
2. Would missing patches come under defect management and go through some type of SDLC testing and change management before being applied, and only do a risk assessment if the patch couldn't be applied because of either a system stability issue or because the patch won't be applied within the time-frame required in a patch management policy?
If a risk assessment should be carried out, does this also mean that after the treatment options are decided for every patch that requires a treatment option the Statement of Applicability must be updated with whatever potential control?
If I had to carry out a risk assessment for every patch that came out, it would create so much overhead that it just wouldn't get done. What have you found to be best practice for this?
Residual risk in the risk assessment process
Hi, at what point are residual risks calculated? Is it after implementation of the controls?
ISO 27017 controls
I am looking for an explanation of the new controls for cloud security in ISO 27017.
Becoming an ISO 27001 Lead Auditor
How do I get the ISO 27001 Lead Auditor certificate? Do I have to get the Lead Implementer first?
Toolkit content
I have a question. I need to create an incident response plan
Privacy and information classification
How is information privacy considered in information classification?
Security and ISO 27001
Do you think implementing ISO 27000 will make an organization secure? What should be taken care of or followed after that?