ISO 27001 & 22301 - Expert Advice Community


  • Patch management

    1. I would like to know where patch management fits into ISO 27001. If, for example, a new critical security update was released by a vendor, or a vulnerability management system discovered a missing critical update on an asset, would I (1) carry out a risk assessment against the asset to determine the risk, then decide the treatment options and treatment plan, or (2) would missing patches come under defect management and go through some type of SDLC testing and change management before being applied, and only do a risk assessment if the patch couldn't be applied because of either a system stability issue or because the patch won't be applied within the time frame required in a patch management policy?
    2. If a risk assessment should be carried out, does this also mean that after the treatment options are decided, for every patch that requires a treatment option the Statement of Applicability must be updated with whatever potential control?
    3. If I had to carry out a risk assessment for every patch that came out, it would create so much overhead that it just wouldn't get done. What have you found to be best practice for this?
  • Residual risk in the risk assessment process

    Hi, at what point are residual risks calculated? Is it after implementation of the controls?
  • ISO 27017 controls

    I am looking for an explanation of the new controls for cloud security in ISO 27017.
  • Becoming an ISO 27001 Lead Auditor

    How do I get the ISO 27001 Lead Auditor certificate? Do I have to get the Lead Implementer first?
  • Toolkit content

    I have a question. I need to create an incident response plan.
  • Privacy and information classification

    How is information privacy considered in information classification?
  • Security and ISO 27001

    Do you think implementing ISO 27000 will make an organization secure? What all should be taken care of or followed after that?
  • Challenges on risk assessment and treatment

    1. How to calculate the risk rating: calculation of threat value and vulnerability value.
  • ISO 27001 implementation

    How to start the whole ISO 27001 process?
  • Justifications for ISO 27001

    I am a self-employed computer programmer.
    I am not web based.
    All clients' data is held on the clients' computers.
    I have an HTTPS website to download my programs, which are used on the clients' computers.
    Why do I need ISO 27001?