I would like to ask how to ensure that an existing security policy is well enforced in a company?
Questions about the backup policy
We store all our data in a secondary backup, actually TWO secondary backups, just in case.
Are confidentiality level and change history mandatory in all documents?
Are the Confidentiality level and Change history table in the Document and record control procedure applied only to ISMS documents, or to all documents and procedures in the organization?
Stage 1 and Stage 2 for the internal audit?
Is it useful to perform a Stage 1 for the internal audit before the Stage 1 third-party audit, in order to assess that documented information is complete and managed in a compliant way?
ISO 27001, COBIT and SOX
When is ISO 27001 used, and when are compliance frameworks like SOX, COBIT, etc. considered?
ISO 27001 and massive companies
I am trying to find a solution for documenting new procedures and policies for a massive company, in particular the risk department. At the moment there is nothing in place whatsoever, so I will have to work from the beginning on what is happening and where the shortfalls are, in order to find improvements which are documented. I need to start from scratch.
Control objectives in the Statement of Applicability
I have a question specific to completing the SoA, and the table in Section 3: Applicability of Controls. I'm clear on all of the columns except one: "Control Objectives". I feel like I want to copy/paste the same text all the way down: "Control risk exposure" ! But that doesn't feel quite right :) Have you any suggestions?
ISO 27005 training vs ISO 31000 training
I have an important career-related question for you. I would really appreciate your help on this. I have planned my career in the direction of IT Risk Management. I was going to join a training for ISO 27005, but the training institute is offering me ISO 31000 instead. As per my career path, what do you think should be the best training for me, ISO 27005 or ISO 31000? I also went through an article on the Advisera website on the same topic, but I am looking for specific advice for myself (depending on my career path), and I know you can help.
Financial impact in BIA methodology
Hi, I'm interested in your BIA Methodology, more specifically in the financial impact methodology. Is it included in your BIA Methodology, or do you have a specific methodology for assessing the financial impact?
Controls for IT department
Which controls of 27001 should be read by my IT department in particular, please?