I am currently reviewing my company's ISMS documentation and I have the following question. In the information inventory and classification methodology, there is, as an asset type
Aligning information security objectives with business strategy
Kindly, could you please clarify this for me? "Make sure your information security objectives are aligned with the business strategy (ISO 27001 clause 5.1 a)." What exactly does that mean, if my org is a financial company, for example?
Report information about compliance and audit
I am responsible for audit and compliance in my organisation. Each month, all teams report their KPIs to senior leadership. For example, incident mgmt will report on the number of major incidents, and change mgmt on the percentage of successful changes. What can I report? Number of audits (9001, 22301, 27001, 14001, customer audits)? Volumes of NCs, OFIs?
Balanced scorecard
Let me know if there is any ISO referring to the balanced scorecard?
Guide for defining the scope
I would like a guide for defining the scope. Although I have the ISO 27003 guide and ISO 27001, I don't know how to write it, how to capture the requirements, and what should go in the context. How can I structure it?
Information assets
Who determines what constitutes an information asset for ISO 27001 compliance? I am battling within my organisation ... I define information assets as all information we care about, including IT equipment and physical information.
KPI and metrics
Are there any KPIs/metrics that can be measured and reported directly on ISO 27001 or 22301?
Auditing a server
I want to know how the auditing of servers, Active Directory, backup, change management, and patches happens while we audit the ISMS.
Multi-location
What is a multi-location split of a project?
Making the transition from 2005 to 2013 revision of ISO 27001
Say the company has ISO 27001 already and wants to update to the 2013 version - is this done with the assessing body, and is there a seminar that covers this on your course?