ISO 27001 & 22301 - Expert Advice Community

  • BS EN ISO IEC 27001 2017

    Are you able to advise on the difference in clause 6.1.3 for the new 2017 standard of 27001? We have seen a lot of websites saying there is a new standard, and we have the changes for annex 8, just not clause 6.1.3.
  • Identifying threats and vulnerabilities

    When we are preparing a risk assessment, which one do we consider or talk about first, threat or vulnerability? As per the article, threat comes first, but I want to understand technically which comes first.
  • Roles and responsibilities in incident management

    Hi Dejan, in the file "Procedimiento_para_gestion_de_incidentes_ES" (it's in the A.16 folder) I looked for roles and responsibilities, but I don't find anything. Thanks.
  • Selection of internal auditors

    Our institution is in the process of implementing NTP-ISO/IEC 27001:2014 (the Peruvian Technical Standard that adopted ISO 27001:2013).
  • Lead auditor certification requirements

    Do my ISO 9001 certificate and 5+ years of auditing experience (ISO 9001:2008 & ISO 13485:2015) provide any credit towards ISO 27001 certification? Specifically, the 20 hours of observation, etc.
  • IT Risk Management Material

    I am talking to a client in the telecom space. They have asked me to help with best practices for IT Risk Management, as they are in the process of implementing IT GRC. I would appreciate it if you could share some material on this. What comes to my mind is ISO 27005, NIST and Risk IT. I would take any material that you could share.
  • Statement of Applicability Content

    I am taking the training courses for the ISO 27001 foundation course. I have a question regarding the Statement of Applicability document. I understand this document should have the applicable controls from Annex A and some other additional controls. If this document should have applicable controls only, why does the table have the options "Not applicable controls" and "Reason why N/A"?
  • ISO 27799 and ISO 27001

    These days I'm interested in the ISO 27799:2016 standard. Could you please help me understand the differences and similarities between ISO 27799 and ISO 27001? If possible, please provide me with some resource links and white papers.
  • Can you figure out interfaces and dependencies?

    Sir, can you please shed some light on these two scenarios?

    1. I've created a webpage, which is hosted on the servers of organisation A. The webpage is just a GUI; at the backend, we're utilising the services of SAINT. Basically, our organisation provides customers a GUI and pays SAINT for the services running behind our webpage. Can you please point out any interfaces and dependencies involved here?

    2. We're using a product called Alienvault for the SOC analysis. In our organisation we have terminals for analysis (traffic, vulnerabilities in systems, etc.). At our customers' end we have installed Alienvault software at some nodes. All the logs reside on the servers of Alienvault.

    Can you please help me figure out the interfaces and dependencies in both the scenarios above?