ISO 27001 & 22301 - Expert Advice Community


  • Lead Auditor + Lead Implementer?

    I have successfully cleared my ISO 27K LA course from BSI (recognized by IRCA). Is the Lead Implementer course good for me? Please advise me for future purposes.
  • Password management

    I have a query regarding password management in ISO 27001. What approach should we take on a password policy about changing email account passwords? Should that be changed periodically? What do you think? Please let me know.
  • ISO 27000:2016

    So there's a new ISO 27000, what do you think about it? What could be the difference from the previous 2014 version? Should our organization have a copy of it?
  • The risk assessment and ISO 27001

    Does ISO 27001 define a methodology for risk assessment? Give examples
  • Changes in ISO 27001:2013 related to the scope, the context and the SOA

    I have already been certified under ISO 27001:2013. One of the NCs I had was in the scope document, the context of the organization and the SOA. I would love clarity on these areas, focusing on how the expectations have changed from the 2005 version to the 2013 version.
  • Evaluate the risk owner?

    I need a small hint – how to evaluate the Risk Owner in Risk Calculation formula? How to evaluate what value to be? A small matrix & to think our values based on business impact?
  • Risk assessment for all functional units

    How can we do risk assessment of different functional units other than IT?
  • Structure and communication between IS, Risks and IT

    Are there any recommendations for building org-structure and communication model between IS, risks and IT?
  • How cloud risks are mitigated

    An audit questionnaire from one of our customers includes:
  • Numeric identifier for ISMS documents

    One question, do you believe all ISMS documents require a numeric identifier or just a title is sufficient?