ISO 27001 & 22301 - Expert Advice Community


  • Security requirements checking and testing

    Under secure development - checking and testing the implementation of security requirements - can you please explain:
  • Business Continuity Strategies

    I am working on the BC strategy document. Please explain where I should define the detailed recovery strategy for individual applications. The various critical activities defined by the BIA analysis use xxxxxxx as an application that accesses the servers, and it is absolutely critical, but I was wondering where and how to define recovery for the xxxxxxx - whether as a separate Activity recovery plan (which I would perhaps call an application recovery plan) or otherwise?
  • ISO management systems compatibility

    I am working on the development of an Integrated Management System for Quality with ISO 9001:2015 as the base standard and ISO 22002 and ISO/TS 22002-1 (Prerequisite standard for FOOD SAFETY), into Clause 6 of ISO 9001:2015 (Risk Based Thinking).
  • Backup control

    How to apply the information security standard regarding the subject of backups
  • BCP project budget

    We have a client who requires an end-to-end BCP plan for the healthcare industry, and the project is in the US. We are from India and are not sure about calculating the budget for a project duration of 4-5 months. The client has requested a fixed-time pay. Please help us with how to calculate the budget.
  • Benefits from ISO 27018

    Looking for advice to describe the demarcation points between 27001 & 27018
  • Controls elaboration

    I would like to know how I could give a new look to the controls of the standard, that is, how I could talk about some of the controls of the 27001 standard in my own words, instead of copying and pasting information about the controls of the standard.
  • Records maintenance

    Regarding software requirements and software design, is there any fancy way of writing and maintaining records? As developers we don't like to read a document with 100s of lines.
  • BCP and DRP

    Currently we have a DR site and we do have a Disaster Recovery plan. Currently we don't have any BCP. However, what I understand is that a Disaster Recovery plan is a part of a BCP. Currently, as per the advice from the security company, we are to write a procedure in the BCP. I wanted to understand how to implement a BCP, the core difference between them, and how to accommodate it within our organization. Does BCP mean something global which needs to include not only the IT department but also involve HR, Finance and management?
  • ISO 27001 implementation

    I would like to consult you about the implementation activities of the ISMS based on the ISO 27001 standard:
    1. I have outlined how to start from 4 pillars: Security Policies (we have them, but they need to be improved), Risk Analysis (we have one that we work on with the Technological Risk Analysis team), Security Structure (we work with 2 sections, one operational security in the IT area and another in Risk), and a Strategic Plan that today is based on continuous improvement of what we have and the implementation of the ISMS.
    2. From the information I have on the work carried out, I identify 5 critical processes (based on the BIA) and I want to start with the most critical one to proceed with the implementation of the ISMS.
    Based on what I have shared with you, I would like to ask what the best way to start would be: with what reference documentation? Meeting directly with the area that owns the process and presenting what we need so that they can provide support in team and time when necessary?
    Since this would be my first implementation and I am alone in this effort, I ask for your recommendation.