ISO 27001 & 22301 - Expert Advice Community

  • Some types of assets

    If I have some types of assets like persons, services and computers, do I have to classify them too? Or only the information assets?
  • Opportunities in the methodology of risk assessment?

    I am confused because I created one information security risk management procedure, which is the methodology of risk assessment. Do I need to put something related to opportunities in that procedure or not? And do I need to add something to my risk register, like opportunities?
  • Controls for a cloud provider

    Does ISO 27001 certification require control maturity for systems that are new to a deliverable model? For example, if a business unit were to deploy a company standard SQL image into a cloud provider infrastructure, would the cloud provider have to have control maturity, or are the current controls in place for on-premise data centers sufficient?
  • First things in ISO process

    In the ISO process, what are the first things you should look at? What I want to know is what will fall in line with top priorities, so you can create a flow chart and work from the most critically important to the less significant issues, and can you build upon each?
  • Asset identification in risk assessment

    I need to certify company X. This company does not have its own IT equipment. It is provided by the sister company Y. All business processes of X are also running in the sister company. How do I identify values for a risk assessment?
  • Main driving force for ISO 27001

    What is the main driving force for ISO 27001 compliance?
  • Work breakdown structure for ISO audits

    Can you please help me with the work breakdown structure for ISO audits?
  • Best practices in accessing business cloud applications

    My question is: what are the best practices in accessing business cloud applications from mobile devices? I think that’s not included in any of the policies of your package…
  • How long should a company operate the ISMS before an internal audit takes place

    I would appreciate it if you could assist me with the following question related to the ISO 27001 implementation process. Once the controls (technical, developed policies, etc.) are implemented, is there any best practice on how long a company should operate the ISMS before an internal audit takes place, and what is the time frame between the internal audit and the certification audit?
  • AIA or BIA

    How do I reconcile the previous methods with 22301? A few days ago I was told that 22301 does not consider the AIA, but rather that the identification of business-critical applications is derived from the BIA. Is this true?