ISO 27001 & 22301 - Expert Advice Community


  • Information Security Risk Assessment

    Hello there, I am in the process of performing a risk assessment for all departments of the company. I followed this approach for identification and evaluation of the asset value:

    1. Interviewed each head of department. Identified information assets (started with electronic data). For each information asset (electronic data), for example customer information, payroll information, etc., identified the asset containers (where such assets are stored, for example the Navision application, MS-SQL database, users' PCs, company file servers, backup tapes, etc.).
    2. Interviewed each head of department in relation to information asset value (which is based on a predefined BIA matrix), for example what the impact could be in case the confidentiality of the information asset is compromised. I used the values low, moderate and high, and I repeated that for each asset.
    3. Based on that information I set the value of each information asset container to the maximum of the values of the assets it stores (for example, if Navision holds customer information (moderate) and payroll information (high), then I set the value of confidentiality for Navision to high).
    4. During the interviews I identified around 50 information assets (electronic data) and I mapped them to 5 information assets (Navision and its related infrastructure (MS-SQL and Windows), file server, user PCs and backup tapes). All of them were rated as high (using the above mentioned logic).
    5. After that I identified threats/vulnerabilities for each of these 5 assets.
    6. I calculated risks using the formula risk = probability * impact (where impact is the value evaluated in point 3).

    Please let me know if this is correct, or if I am missing something. Thanks.
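    As an added worked example (not part of the original post and not a method the forum endorses), the container-value aggregation and the probability * impact calculation described in the post, run over a small constructed asset inventory. The asset names, container names (Navision, file server, user PCs, backup tapes) and the low/moderate/high values are assumed sample data, and the scenarios are constructed, not taken from the poster's assessment:

```python
# Added example: the "max of contained asset values" rule and
# risk = probability * impact, on constructed sample data.

# Ordinal scale used in the post; the numeric mapping is an assumption.
LEVEL = {"low": 1, "moderate": 2, "high": 3}
LEVEL_NAME = {v: k for k, v in LEVEL.items()}

# Constructed inventory: information asset -> (C/I/A values from the
# interviews, containers that store the asset). Names are hypothetical.
ASSETS = {
    "customer information": (
        {"C": "moderate", "I": "moderate", "A": "low"},
        ["Navision", "file server", "backup tapes"],
    ),
    "payroll information": (
        {"C": "high", "I": "high", "A": "moderate"},
        ["Navision", "backup tapes"],
    ),
    "marketing material": (
        {"C": "low", "I": "low", "A": "low"},
        ["file server", "user PCs"],
    ),
}


def container_values(assets):
    """Step 3 of the post: a container inherits, per C/I/A attribute,
    the highest value of any asset it stores."""
    numeric = {}
    for _name, (cia, containers) in assets.items():
        for container in containers:
            current = numeric.setdefault(container, {"C": 0, "I": 0, "A": 0})
            for attr, level in cia.items():
                current[attr] = max(current[attr], LEVEL[level])
    return {
        container: {attr: LEVEL_NAME[v] for attr, v in vals.items()}
        for container, vals in numeric.items()
    }


def risk(probability, impact):
    """Step 6 of the post: risk = probability * impact on the 1..3 scale."""
    return LEVEL[probability] * LEVEL[impact]


def assess(assets, scenarios):
    """scenarios: list of (container, attribute affected, threat, probability).
    Impact is taken from the container value for the affected attribute."""
    values = container_values(assets)
    rows = []
    for container, attr, threat, probability in scenarios:
        impact = values[container][attr]
        rows.append((container, threat, impact, probability, risk(probability, impact)))
    return rows


# Constructed threat scenarios for two of the containers.
SCENARIOS = [
    ("Navision", "C", "unauthorized access by insider", "moderate"),
    ("user PCs", "C", "laptop theft", "high"),
    ("backup tapes", "A", "tape degradation", "low"),
]

if __name__ == "__main__":
    for container, cia in container_values(ASSETS).items():
        print(container, cia)
    for row in assess(ASSETS, SCENARIOS):
        print(row)
```

    Running it shows the effect the poster noticed: one high-valued asset is enough to lift a container to high for that attribute (Navision confidentiality becomes high because of payroll data), while a container that only holds low-valued data (user PCs here) stays low; the risk score for a scenario then depends only on the container's value and the estimated probability.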
  • Determine RTO for a business process

  • 12.1.2 Change management vs 14.2.2 System change control procedures

  • controls assessment

    Hi friends, I have a question about the risk assessment phase of the ISMS: if you have some controls already implemented to mitigate a risk, how do you measure the total contribution of each of them to the residual risk? What is your recommendation? Thanks, best regards,
  • No risks after risk assessment?

  • ISO 27001 and ISO 27018

    I need more information:

    1. Whether an organization that will be certified to ISO 27018 should first pursue ISO 27001 certification
    2. Differences between ISO 27001 and ISO 27018
    3. If ISO 27018 is used stand-alone, which clause or control is used at each step, as well as what else

  • Information Security awareness

  • Risk Assessment and frequency

  • Information Security Policy template

  • Software companies