I am taking the training courses for the ISO 27001 foundation course. I have a question regarding the Statement of Applicability document. I understand this document should have the applicable controls from Annex A and some other additional controls. If this document should have applicable controls only, why does the table have the options for "Not applicable controls" and "Reason why N/A"?
ISO 27799 and ISO 27001
These days I'm interested in the ISO 27799:2016 standard. Could you please help me to understand the differences and similarities between ISO 27799 and ISO 27001? If possible, please provide me some resource links and white papers.
Can you figure out interfaces and dependencies?
Can you figure out interfaces and dependencies, Sir?
Can you please put some light on these two scenarios:
1. I've created a webpage, which is hosted on the servers of organisation A. The webpage is just a GUI; at the backend, we're utilising the services of SAINT... Basically, our organisation provides customers a GUI and pays SAINT for the services running behind our webpage.
Can you please point out any interfaces and dependencies involved here?
2. We're using a product called Alienvault for the SOC analysis. In our organisation we have terminals for analysis (traffic, vulnerabilities in systems, etc.). At our customers' end we have installed Alienvault software at some nodes. All the logs reside on the servers of Alienvault.
Can you please help me figure out the interfaces and dependencies in both the scenarios above?
ISMS interfaces and dependencies
What are interfaces and dependencies as per clause 4.3 in ISO 27001:2013? Can you please give me examples of interfaces and dependencies?
Controls to software related risks
Just wanted to check which control deals with the risk of outdated software and end-of-life software.
Risk owners and asset owners
Should we assign two different people to be the Risk Owner and Asset Owner or can they be just one person?
Backup and recovery checklist
Which ISO 27001 document would contain a checklist on backup and recovery? I have a client whose auditors are requesting a DR analysis and plan, and I was hoping I could cut out the admin part and buy the templates.
Freeware software on product environment
Can you please let me know, according to the ISO 27001:2013 standard, whether we can allow/access freeware on a production environment if the organisation is certified with ISO 27001:2013?
My organisation (acme incorp) has two separate networks: one for internal use only and one for shared use between us and a major customer (but we host the network). I am not looking to get ISO 27001 certification for my organisation (acme incorp); I am looking for certification for our external network, which is a requirement for the contract between us and the customer. I thought, if I could tell the customer our external network is ISO 27001 certified, that would give us a competitive advantage for contract renewal when the time comes. I'm not sure if my explanation is clear. Can I certify a network as opposed to a company?