ISO 27001 & 22301 - Expert Advice Community


  • Become information security consultant

    I recently graduated from university with a degree in software engineering, and I would like your advice on how to become an information security consultant. What qualifications and experience are required in order to reach my objective? How do I become fully qualified? What are the necessary steps to become an information security consultant for somebody without serious prior knowledge of information security?
  • Risk management for cloud computing

    If I want to do risk management for a cloud computing environment, must I use ISO 31000, ISO 27005, or ISO 91000?
  • Level of confidentiality

    "The basic rule is to use the lowest confidentiality level ensuring an appropriate level of protection, in order to avoid unnecessary protection costs." What does it mean? There are four confidentiality levels; is Confidential the lowest?
  • Example of quantitative and qualitative risk assessment

    Can you please tell me the difference between quantitative and qualitative risk assessment, with a proper example? I have so many doubts about it... Please help me out with this.
  • ISMS scope

    What should be written in the scope of an ISO 27001 ISMS?
  • ISO 27001 certification for one division

    How are you? I wanted to find out if we can get ISO 27001 certification for one division of our business and not all of them. We have a division that does software quality assurance for our clients; it has its own office space and network, and we would like to get it certified.
  • Policies and procedures

    I need a little understanding of policy mapping. As per ISO 27001, we have a list of policies for establishing information security. However, please help me to know the correct approach to map policy and procedure documents to the master policy of the organization. One-to-one or direct? Is there any mapping mechanism that can be followed, or should they be mapped to the Scope of ISMS document? Please guide me through it.
  • Risk assessment of outsourced hosting service

    We are in the process of filling in the Risk Assessment Table. We host all of our data and major applications out of two data centres. Our company doesn't own the data centres; we simply pay for their hosting services and some equipment. In the Infrastructure section of the Risk Assessment, would we include the physical data centres as an asset? The management of the actual physical data centres is out of our control. We could say that a threat is, for instance, unauthorized access, but the vulnerabilities are minimal, as the security at a DC is quite stringent and not in our direct control. Would such a DC, which the corporation does not own, be part of the scope of our Risk Assessment?
  • Assess the risk for each asset

    I'm looking at the risk assessment process for 27001. Do I assess the risk to each asset, or the risk that the asset poses to the business?
  • Access directly to a database?

    Can external clients have direct access to the Oracle database via a read-only account?