ISO 27001 & 22301 - Expert Advice Community


  • Compliance list

    Hello, I'm trying to prepare the interested parties and "List of regulatory, contractual and other requirements" list prior to defining the scope. It is easy for me to list some interested party requirements when the interested party needs something, such as customers (i.e. they need to protect their information) or government agencies (i.e. they want you to comply with the laws & regulations) etc... But I don't know how to list the requirement when an interested party impacts the organization's information security, for example an employee working in a public place and connecting to the organization's network remotely, or supporting company personnel connecting to the organization's wireless network, or an untrained employee clicking on a link in a phishing mail etc. Thanks in advance.
  • Information security implementation

    Based on little more than general awareness of security risks, we had a technical security review done. The conclusions were pretty damning. We are a small UK/Norway company using lots of data. We're pretty thinly staffed on the IT side (half an FTE, if that), but want to make sure we do this properly. Where do we start: hiring a cyber expert, Cyber Essentials, or ISO27001? I am a bit worried that we are spending more time 'doing documentation' than actually improving security. All advice welcome!!
  • List of legal requirements

    I need to fill in the list of law and regulations and other contractual commitments. Do you have an example of one based on the European law?
  • Cyber Essentials

    We are a small organisation. How do I decide whether Cyber Essentials is the best place to start or go for ISO27001?
  • Certification requirements

    Can the ISO Implementation Engineer state that the MSSP Department is certified, while the audit has been scheduled for the next cycle? I believe without the real implementation and audit in place, they cannot simply announce it as certified. Correct me if I am wrong, please.
  • Toolkit content

    Reviewing the toolkit, in the folder: "08_Anexo_A" I do not see the following controls:
  • Information security career

    What are the career prospects and which is the right path to learn information security?
  • Information security policies

    I have a question about the templates. There is a template in folder 04 called Information_Security_Policy, but this document appears to be the Information Security Management Policy. It is similar to the policy explained in the tutorial "How to write the ISMS Policy according to ISO 27001," and it appears to be a higher level document. I am unable to locate the more in depth Information Security template. Is that included somewhere within the toolkit?
  • Security on social networks

    How can we protect against and prevent information leakage through social networks?
  • Support material for online courses

    Is it possible to become certified by taking this course alone? Is it necessary to buy the ISO books?