ISO 27001 & 22301 - Expert Advice Community




  • Clean desk policy

  • Questions about assets

  • Guidance for Information Security Policy

  • Asset, threat, vulnerability

  • Controls to address personal data

  • Gap analysis ISO 27001:2005

  • ISO 27018

  • ISO 27001 training vs awareness

    I’ve a question concerning the clause 5.1.1 - more specifically, about the Information security awareness, education and training.  This can, I realise, be specific to an organisation, however, my concern refers to the ‘training’ aspect vs. awareness and education.  We have been giving awareness and education sessions, but the training aspect I believe is something more in-depth.  Does this mean establishing more physical awareness e.g. mock phishing attacks, leaving USB sticks (etc. etc.) around the office to see who picks it up and who plugs it in etc.?
  • ISO 27001 or ISO 27018?

    I have been working very extensively on the marketing of the ISO27K and the advantages it can offer to businesses in Australia.  
  • ISO 27001 Lead Implementer