ISO 27001 & 22301 - Expert Advice Community

  • BIA and business strategy

    How do you incorporate the BIA into a company's digital transformation strategy?
  • Weak signal detection and ISO 31000

    I do BIAs at clients without ISO, though this week I will attend an ISO 31000 course and take the exam. How do I include weak signal detection (foresight)? How do I integrate and link it with ISO 31000?
  • Activity Recovery Strategy and Plan

    I am using your two templates that deal with these two areas of developing the plans for the first time. Both of them deal with each and every activity individually. It seems like a lot of documents and a lot of detail, and I am wondering what the reason may be. With the kind of solutions around today (virtualization, replication, warm sites, etc.), recovery of ICT is almost a matter of flicking a switch. I am busy with a very large client with a complex environment and can see the need there. I also recently did a small client with a simple environment where ICT is replicated at the alternate site, switched over, and users are able to work; we have simplicity in between. The need for individual focus in this way was not necessary, so the strategy and plan were one document. This could apply equally to a large environment if they choose such a solution.
  • Risk value calculation

    When completing the risk assessment table, should the risk value (specifically the Likelihood component) be decided on before or after considering any existing controls?
  • BCM documentation

    We are kick-starting a BCM program in XXXX. We have floated an RFP and are currently doing technical evaluation of the bidders. We are still not sure whether to go with a consultant or do it on our own. We are a large-sized company with more than 16,000 employees providing telecom services throughout Pakistan, with many services such as fixed and wireless broadband, carrier services, and corporate and cloud services.
  • ISMS Controls

    Considering that the control sets in ISO 27002 are essentially open source, unless there is an organisation-specific control measure mentioned in Annex A that might be particularly sensitive, would the SoA generally be considered a sensitive document in itself?
  • Security control context

    "I am learning about your system and am looking for information on how to write the context of a control. Is there a document on that?"
  • Information Classification and Handling according to ISO 27001

    What does a company's Information Classification and Handling guide look like in relation to ISO 27001?
  • Elaborating an audit checklist

    Quick question: what would be the best way to draft the audit checklist? Would you recommend working from the document review and forming a checklist from that, or doing it from the Statement of Applicability?
  • Lead auditor and lead implementer courses

    I am a cyber security consultant and, as part of my education, I am looking at ISO 27001 and was kind of confused about whether I should do the Lead Implementer or the Lead Auditor course…