Is there a way for me to create my own asset inventory report based on the information in the article?
People related risks
I need to understand how "asset name" people can be linked to threats and vulnerabilities. I have done other areas but need help with people.
Implementation of controls
Every control from Annex A is applicable to my organisation to some extent. Do we have to implement all controls? Or only those controls that are needed to mitigate the risks from the Risk Assessment?
Termination of job - activity
I have a question: does ISO 27001 contain any control that mentions the period of time an AD account should be deleted/removed after disabling the account when leaving the company?
Implementation options
1 - We are a micro business (one employee/director) dealing with large volumes of sensitive personal data in the cloud. Our cloud infrastructure in AWS provides immutable audit trails and automated security alerts etc., i.e. we are as automated as we possibly can be - we use documented CloudFormation to manage all our infrastructure and audit policies. We are keen to establish ISO 27001 certification. Is it possible to do this without a division of responsibility in the business?
Template content
Could you please help me if there is any document available for A 6.1.5?
Security controls review
I need to know how many times we need to review security controls in the year.
Obtaining buy in for ISO 27001
Key Points on these, I need information for this.
Scope definition
I'm a student working on a project. In this project we need to make the company pre-audit ready. I'm having a hard time with the scope of the ISMS - interfaces.