I am already officially ISO 27001 lead auditor certified and would like to get ISO 23001 lead auditor certified as well for the benefit of the company where I work and the role which I am covering.
Communication of information security
Thanks a lot for your feedback on the matter. Much appreciated. In the meantime would you or your colleague clarify the below query:
Secure & Simple book content
I noticed that clause 9.3 b) in the ISO 27001:2013 is missing from your book under clause 9.3 which deals with Management review:
Training content
I've been looking through Advisera's ISO 27001 training modules in an effort to understand their suitability as a certification path for my team.
Relevant ISO standards for information security
Is it fine to say that the first five ISO/IEC 27000 family standards are the most critical standards for the information security posture of any organisation?
I'm having some trouble with the following control: 14.1.3 Protecting application services transactions
ISO 27001 career
1 - So, my scenario here is that I have been in IT infrastructure services (systems/networks/SOC) for the past 5 years and have now taken a short gap from my job, planning to pursue my goals in the correct and passionate way. While looking around I found the information security domain to be my goal and decided to pursue it further, leveraging my past experience in IT. Unfortunately I don't hold any ISO/ISMS knowledge as of now, but would love to pursue it further. For the same reason I am seeking your kind advice on what direction I should pursue, as management/auditing fascinates me more than the technical side of the information security domain. So, shall I go ahead and pursue the ISO 27001 cert?
CAR, PAR, Security control
Hi,
We have done a risk assessment and are now in the process of choosing security controls. We are using security controls which align with industry standards like ISO 27001, and we are also choosing controls which were individually designed by us and fit our company. In this context, what is the difference between a C.A.R./P.A.R. and these security controls? From my understanding, if a control is not implemented yet, we can make some kind of project plan to fulfil our controls. But as I also understand it, we can create a C.A.R. to implement these controls, or?
Log monitoring and review
We've implemented automatic log monitoring by sending alerts on rule violations in the logs. Now that monitoring of logs through automatic alerts has been implemented, do we also need to conduct log reviews for ISO 27001?
Scope communication
In an ISO 27001 implementation, who should know about the scope statement?