
ISO 27001 & 22301 - Expert Advice Community


  • Controls elaboration

    I would like to know how to give the controls of the standard a new wording, that is, how I could describe some of the ISO 27001 controls in my own words instead of copying and pasting information about the controls from the standard.
  • Records maintenance

    Regarding software requirements and software design, is there any fancy way of writing and maintaining records? As developers, we don't like to read a document with hundreds of lines.
  • BCP and DRP

    Currently we have a DR site and a Disaster Recovery plan, but we don't have any BCP. However, my understanding is that the Disaster Recovery plan is a part of the BCP. Currently, as per the advice from the security company, we need to write a procedure in the BCP. I wanted to understand how to implement a BCP, the core difference between them, and how to accommodate it within our organization. Does BCP mean something global that needs to include not only the IT department but also HR, Finance and management?
  • ISO 27001 implementation

    I would like to consult you about the implementation activities of the ISMS based on ISO 27001:
    1. I have outlined how to start from 4 pillars: Security policies (we have them, but they need improving), Risk Analysis (we have one that we work on with the Technological Risk Analysis team), Security Structure (we work with 2 sections, one for operational security in the IT area and another in Risk), and a Strategic Plan that today is based on continuous improvement of what we have and the implementation of the ISMS.
    2. From the information I have on the work carried out, I have identified 5 critical processes (based on the BIA) and I want to start with the most critical one to proceed with the implementation of the ISMS.
    Based on what I have shared, I would like to ask what the best way to start would be: with what reference documentation? Should I meet directly with the area that owns the process and present what we need so that they can provide support in people and time when necessary?
    Because this would be my first implementation and I am alone in this effort, I ask for your recommendation.
  • Enforcing ISO 27001 in satellite offices

    If a business (head office is in xxxxx) has satellite offices/consultants around the world, how do you manage/enforce ISO 27001?
  • Management decisions

    I do believe that ISO 27001 is really helpful, but I have my doubts, because in a small company where the decisions are made by the owner, even though the company has to follow the processes and controls, if the manager just wants something faster than usual and the business is not in any danger at all, he can make the decision to break the process or the control. So how can a small company overcome this?
  • Statements for systems development

    Do you have full written statements around "Securing the Development Environment" and "Secure Engineering Principles" that we can copy?
  • Function separation Matrix

    I'm searching for an Excel template for creating a SoD (segregation of duties) / function separation matrix. Do you have something like that?
  • Statement of compliance

    My previous employer, whom I still support because they are a subsidiary of my current employer (xxxx), has asked me to help them find and use, or to draft, an Executive Attestation Statement that they can provide to one of their major clients, which will suffice for now to indicate that the company's (xxxx) IT security policies and standards comply with the ISO 27000 standards. They have not had a recent independent audit (such as an xxxx) or an ISO 27000 audit certification. The last xxxx audit they had was done in 2013.
  • Risk assessment flowchart

    I received your free sample of a risk assessment flowchart showing how to risk-assess a laptop. Do you sell flowcharts for other assets like the laptop example? If so, what other assets are modelled?