ISO 27001 & 22301 - Expert Advice Community


  • Asset value

    Suppose I have an asset with Confidentiality=5, Integrity=5, Availability=5. What would my asset value be? Is it 15 or 25? I am confused.
  • Documenting the information security objectives

    Our auditor asked for some documentation to check. This includes the documentation on information security objectives. As I understand it, this is included in the information security policy. Is this correct, or do we need an extra document for this?
  • Focus the ISMS scope

    We are planning to focus the scope on the IT Department only. Could this be treated as if the rest of the organization were the outside world? What is your advice?
  • Contents of Internal audit program

    Is there another article or other information about what specifically to put in the audit plan? Is it sufficient to just mention in your program that you will audit according to your criteria, with attention to assessing compliance with the standard and taking into account results from previous internal audits? Or is it necessary to clearly define what you will audit in each cycle in the audit program?
  • Clarifications reg GAP Analysis.

    Hi team, during the implementation of ISO 27001 in an organization which provides info sec services and has no more than 100 employees, is it mandatory to do a GAP analysis? (This project is considered a green-field one.) If yes, in which phases can I do the GAP analysis? Is it mandatory while starting the project? Should it be done at the end of the project? Could it be done at any time in the middle, while the project is in progress? Kindly clarify these doubts. TIA.
  • Audit Doubt

    Consider that I am implementing ISO 27001 in an organization; meanwhile, I am also preparing some documented evidence as part and parcel of the organization's progress, such as evidence of competence among employees, which has not been done so far. After completing all the implementation and documentation work and doing an internal audit, I may go for a certification body audit. My doubt here is: during the certification body audit, will there be any questions on the process, as it has been recently devised and implemented? TIA
  • Documents Clarification

    Hello there, I have a doubt with respect to the documentation part. Can you kindly explain to me 7.5.3 Documentation of External Origin and 8.1 Operation and Control and Planning? What are these two all about (in real time)? What kind of documented evidence should be considered to ensure it is in place? Kindly clarify. TIA
  • Narrowing down the list of risks

    It says it's reasonable to have 500 risks at the enterprise level; we need to narrow that list down to an even shorter list.
  • Asset register

    I am progressing with the asset register for the organisation; however, I am unsure what information I need to include with regards to our server information. We rent an office from the local authority, which allows us to have a channel to connect to the internet via an IT company who are ISO 27001 certified. Our main infrastructure is hosted at a data centre who are also ISO 27001 certified. Do I need to include all of this on my asset register, or would this be covered in the supplier section?
  • Cabling security

    Does documenting and demonstrating the physical access controls that are in place mitigate not performing physical inspections or technical sweeps for unauthorized devices being attached to the cables?