Structure and communication between IS, Risks and IT
Are there any recommendations for building an org structure and communication model between IS, risks and IT?
How cloud risks are mitigated
An audit questionnaire from one of our customers includes:
Numeric identifier for ISMS documents
One question: do you believe all ISMS documents require a numeric identifier, or is just a title sufficient?
Support management
In the first step of the decision-making process, could you please recommend some pertinent questions for the interview with top management?
Merging the asset, risk assessment, risk treatment tables
What do you think about merging the asset, risk assessment, risk treatment tables into a single table/document? There is just too much duplication there for my taste. Too much opportunity for the data to get out of sync.
Various questions about ISO 27002
1. Don't I need to have the guidelines (27002) in place to be issued a certificate?
Difference between ISO 27001 certification and CISSP
Kindly clarify for me the difference between ISO27001 and Certified System Security Professional (CSSP).
ISO 9001 qualification to obtain ISO 27001 qualification?
I would like to participate in an ISO 27001 Lead Auditor course, but unfortunately I received different answers from different organisations. Some of them said that I am not allowed to take part in this course because I don't have ISO 9001 certification. The rest of them said that I can participate in this course even if I don't have ISO 9001, because my 4+ years of experience in the IT field is enough. (I am currently holding a QA position.)
Improve my employability
May I ask your advice on the training/certification jungle? I’m looking forward to starting certifications to improve my employability. What’s your recommendation around: ISO27001, SANS, CISA w/wo COBIT, …
Location of ISO 27001 and 22301 Clauses
In the reference documents sections, I see a list of clauses referenced for each particular document. I'm sure I'm overlooking something simple, but where do I find those clauses? Are they provided in the toolkit we purchased, or are they separate?