
ISO 27001 & 22301 - Expert Advice Community


  • Formula for calculating RTO; using turnover

    I am not new in this world of standards, but I have difficulty explaining to people how they should calculate their acceptable losses (due to RTO). People are waiting to get some kind of formula, though I believe that such a formula does not exist. I'm trying to relate it to turnover (a percentage of it), but I'm not sure what the best practice is in that, or which percentage is usually preferred. I know that there are many other dependencies too.
  • Information Security Risk Assessment

    Hello there, I am in the process of performing a risk assessment for all departments of the company. I followed this approach for the identification and evaluation of asset value:

    1. Interviewed each head of department and identified information assets (started with electronic data). For each information asset (electronic data), for example customer information, payroll information, etc., I identified the asset containers (where such assets are stored, for example the Navision application, MS-SQL database, users' PCs, company file servers, backup tapes, etc.).
    2. Interviewed each head of department in relation to the information asset value (which is based on a predefined BIA matrix), for example what the impact could be in case the confidentiality of the information asset is compromised. I used the values low, moderate and high, and I repeated that for each asset.
    3. Based on that information, I set the value of the information asset containers to the maximum of the values of the assets they store (for example, if Navision has customer information (moderate) and payroll information (high), then I set the confidentiality value for Navision to high).
    4. During the interviews I identified around 50 information assets (electronic data) and mapped them to 5 information asset containers (Navision and its related infrastructure (MS-SQL and Windows), file server, user PCs and backup tapes). All of them were rated high (using the logic mentioned above).
    5. After that I identified threats/vulnerabilities for each of these 5 assets.
    6. I calculated risks using the formula risk = probability * impact (where impact is the value evaluated in point 3).

    Please let me know if this is correct, or if I am missing something. Thanks.
  • Determine RTO for a business process

  • 12.1.2 Change management vs 14.2.2 System change control procedures

  • controls assessment

    Hi friends, I have a question about the risk assessment phase of the ISMS: if you have some controls already implemented to mitigate a risk, how do you measure the total contribution of each of them to the residual risk? What is your recommendation? Thanks, best regards.
  • No risks after risk assessment?

  • ISO 27001 and ISO 27018

    I need more information:

    1. Whether that will be certified to ISO 27018 should first pitch ISO 27001 certification
    2. Differences between 27001 and 27018
    3. If the stand-alone ISO 27018 clause or control the use of what each step as well as what

  • Information Security awareness

  • Risk Assessment and frequency

  • Information Security Policy template