ISO 27001 & 22301 - Expert Advice Community

  • Requirements of ISO 27001 to be implemented by the CSP

    1 - I need a clarification on my ISMS scoping: my organization is obtaining hosted cloud services with proper VPC segregation. We manage the operations in terms of app development, change management and maintenance. The CSP is already certified for ISO 27001. If I need to implement ISO 27001 for my organization, I need to understand which requirements I should implement and which will be covered by the CSP.
  • Risk assessment approaches

    If you are already ISO 27001 registered, can you change from an asset-based risk assessment to a scenario-based risk assessment?
  • Internal audit client

    We, Internal Audit, will be performing an ISMS audit based on the IT department's request. Who should we report our findings to: the IT department or the AC, as per the norm?
  • Risk assessment participants

    It is the first time that my company will apply ISO 27001, and my doubt is about who must perform the risk assessment: the IT Department, HR, the Information Security Manager, or who…
  • Selecting qualified ISO 27001 certification auditors

    We’ve shortlisted a few ISO auditors.
  • ISO 27001 and Information Security manager

    What does this standard define with respect to the Information Security Manager?
  • Inventory of assets

    I need assistance coming up with what could be company-wide assets and risks. I have laptops, desktops, paper documentation, electronic documentation, fax/printer, off-site/external/outsourced services and the process for deactivating their accounts once terminated, and USB devices and memory sticks. These would be company-wide assets that would apply to the company as a whole. Physical security and building management will be worked on by the building manager. For company-wide assets, I cannot think of any more... company assets that will need some sort of control that will be relevant for every employee. This would also exclude anything IT related such as software, cables, servers, etc. What do you think could be more company-wide assets that need to be added?
  • Who must perform the Risk Assessment within the Company?

    It is the first time that my company will apply ISO 27001, and my doubt is about who must perform the risk assessment: the IT Department, HR, the Information Security Manager, or who...
  • ISO 27k project sponsor

    We are implementing ISO 27k by the end of the year 2017. However, my question is, though the standard does not clearly indicate it: who should an internal ISO lead implementer and official report to in managing an ISO 27k related project in an environment where an information security manager exists?
  • Asset inventory content

    For the Inventory of assets, do I state specifically what information I have on my computer, what information I have in paper documents in my cabinets, every software/application I have installed on my computer, and all company hardware assets I have? For every employee to name every document they have electronically and in paper form could take a very long time. Is this the case? What specific assets/information do I need to include in the inventory of assets?