Can you please suggest training courses applicable to Conformity and Certification Services?
Procedure for A.18 Compliance
I downloaded a sample set of templates for ISO 27001 documents, but it doesn't include the "Procedure for A.18 Compliance". Can you please share a sample?
Operations security
Hi, does the control "A.12 Operations Security" in Annex A of the ISO 27001 standard apply to server systems (where the applications/services are actually running) or to the company-assigned employee laptops/PCs?
Applicability of control
The Dutch documentation set lists A.17 Rampen Opvang Plan (Disaster Recovery Plan) as mandatory. In the Declaration of Applicability, I have listed that making an appropriate backup plan is applicable. We have that backup plan in a separate document. Do you still think I should have a disaster recovery plan, or is that more a matter for the business continuity standard?
Rationalizing RPO
If I have an RTO of 1 hr for a system, and the RPO, according to the backup data from IT, is 4 hrs, how would I rationalise the RPO? I know the business would have to suggest a suitable RPO, but how can it be rationalised? Is there a particular formula to use?
Information security policy content
What should an information security policy statement of an ISMS include?
Risk management according to ISO 27001, ISO 27005 and ISO 31000
This is regarding ISO 27001 certification. The company I work for would like to be certified against ISO 27001, so I need to write a risk assessment methodology, and it has been a while since I have done this. My question concerns the business impact analysis. According to the website, there is only a likelihood and impact assessment; I don't see CIA ratings. But I think that is because the website refers to ISO 31000 and I am using ISO 27005. ISO 27005 does say something about asset valuation when you identify your assets. Based on my education, I only know the method of classifying CIA ratings against a process, not against an individual asset. The question is more like this: if you identify the assets that support a specific business process, along with the threats and vulnerabilities, and you don't use a BIA but go straight to assessing likelihood and impact just by rating them low, medium or high, then you are not using the ISO 27005 standard, if I am correct?
Study references
I'm preparing myself for the ISO 27001 Practitioner APMG certification. Do you have any references or books to help me achieve this objective?
Scope of ISO 27001 certification
I work for a large telecommunications company, and we have been told that we have to get certified against ISO 27001 this year. But the scope has not been defined. When I ask specialists, they tell me that processes are certified, but elsewhere I see that areas are certified, and honestly I have not found what the scope of the certification is. So is certification done by areas or by processes?
ISO 27001 implementation
I am tasked with the responsibility of establishing a secure-by-design roadmap by developing and implementing an ISMS for the business. I am quite new to the industry and really do not have a clue how to go about this. Would you be able to talk/walk me through a step-by-step (end-to-end) process/guide on how to achieve this humongous task the business has set before me, please?