Does ISO 27001 define a methodology for risk assessment? Give examples
Changes in ISO 27001:2013 related to the scope, the context and the SOA
I have already certified under ISO 27001:2013. One of the NCs I had was in the scope document, the context of the organization and the SOA. I would love clarity on these areas, focusing on how the expectations have changed from the 2005 version to the 2013 version.
Evaluate the risk owner?
I need a small hint – how to evaluate the Risk Owner in the Risk Calculation formula? How to evaluate what the value should be? A small matrix, and to think of our values based on business impact?
Risk assessment for all functional units
How can we do a risk assessment of different functional units other than IT?
Structure and communication between IS, Risks and IT
Are there any recommendations for building org-structure and communication model between IS, risks and IT?
How cloud risks are mitigated
An audit questionnaire from one of our customers includes:
Numeric identifier for ISMS documents
One question, do you believe all ISMS documents require a numeric identifier or just a title is sufficient?
Support management
In the first step of the decision-making process, could you please recommend me some pertinent questions for the interview with the top management?
Merging the asset, risk assessment, risk treatment tables
What do you think about merging the asset, risk assessment, risk treatment tables into a single table/document? There is just too much duplication there for my taste. Too much opportunity for the data to get out of sync.
Various questions about ISO 27002
1. Don't I need to have the guidelines (27002) in place to be issued a certificate?