We are developing a “password policy” now and have a question about it: there is only a password policy for users among the templates. Are there any requirements in ISO 27001 for a separate password policy for privileged users (like admin, root, etc.), or can we combine them?
How to do risk assessment on sample of assets
Could anyone please suggest / advise how we can do a risk assessment on a sample of assets? There are 30 firewalls (critical), so does it mean that we need to cover all of them, or can we do it separately?
Effectiveness of security controls
When assessing a risk, we sometimes assume that a particular risk may happen, so we determined some control measures. But that risk has not commenced yet; it was just a probability. In that case, how can we measure the effectiveness of the risk control we took to reduce the risk?
Intellectual Property Rights
Could anyone please share some of the requirements related to IPR? How can an organisation comply with A.18.1.2? What will the external auditor check at the time of the certification audit?
Assessing the residual risk
As a part of risk management, after determining the control measures for an identified risk which has not happened yet, how can we review the effectiveness of the control measures for that particular risk?
How to identify assets
How do we identify the assets to assess risks using the old assets-threats-vulnerabilities method? Is it done for each control? In other words, do we identify assets for each evaluated control during an audit? The current 2013 revision of ISO 27001 doesn't require such identification, but are assessing consequences, likelihood and the method of risk calculation the same?
Violation of the ISO 27001 certification
What happens if I have and declare that I am certified to 27001 or 27018, companies come to me and get service from me, but during that time I violate some of the obligations in 27001 or 27018? Am I subject to any legal sanctions, or do I only lose customers/reputation?
ISO 27001 and personal data protection
We were wondering if ISO 27001 covers Personal Data Protection necessities. If not, is there any source (article) where we could find the differences at a glance? Many thanks in advance!
WhatsApp privacy policy
Can you please comment on the privacy policy of WhatsApp? WhatsApp has released its changes in the policy for Facebook. What do you think? What are the security implications?
Benefits of ISO 27001 for a Care company
How do I convince the CEO of a Care Company with over x homes and about y employees to implement ISO 27001?