What if an organization is not interested in surveillance audits?
What action should be taken if an organization is not interested in surveillance audits?
Can we handle ISO 27001 implementation remotely?
Can we monitor the security of our geographically dispersed offices through a SOC (Security Operations Center)? For instance, the cyber-security of the *** office from ***?
How to integrate ISO 27001:2013 with HIPAA security rules
How to integrate ISO 27001:2013 with HIPAA security rules? Or can we achieve HIPAA compliance by just implementing ISO 27001:2013 in letter and spirit?
To whom will the auditor speak?
In the process of an ISMS audit, to whom will the auditor ask questions? Is he/she going to ask the CEO (a non-tech person) or the information security guy?
Information security board
I'm interested in whether you have had any good practice with information security board regulation. Is there any kind of document which regulates the actions of the management board, or which can give clear information on how to organize all this kind of stuff? For instance: responsibilities, voice voting, elections inside the board for choosing decisions during risk treatment or implementation of controls?
Excluding certain departments from the ISMS scope
Is it possible for me to exclude certain departments within my company (let's say HR, for example) from the ISMS scope and still be eligible for the ISO 27001 certificate?
Attesting to ISO 27001 compliance
I understand that to be properly “ISO 27001 certified” only an accredited certification body / organization can perform such a task (and issue a certificate, etc.).
Risk management from a remote location
Is it possible to perform risk management (risk assessment, risk treatment) and implementation of controls from a remote location?
How to calculate residual risk
How do you calculate residual risk? I have a risk that causes two sub-risks. Now, will the value for the top-level risk be the sum of the two risks, or can the top-level risk have a value of its own?
Process-based vs control-based audit
What is the approach to auditing 27K? Do auditors audit business processes and check the application of the controls on them or do they look at each control and check their application across the organization?