We would like to start the process of implementation for iso27000 and need to know the cost of consultant to develop the procedures , time frame and certification cost
Asset inventory
Who will be the business owner when asset inventory is to be made?
Section 9.1 - Monitoring, Measurement, Analysis and Evaluation
Im working on designing a way to monitor and measure the performance of our ISO 27001 and was unable to find any templates in the toolkit. Is this incorporated in another document, or should a separate document required?
Documentacion para auditoria
Buen día, quisera saber si voy bien con la documentación que el Auditor pedirá para la Certificación ISO 27001:2013
Storage of password
What the ISO 27001 says about protection and storage of passwords, for example I have the passwords of a very sensitive server of the company and have to leave stored somewhere if someday I'm not available. The standard requires some action to it?
Keep information security
Due to keep information security, we chose to use the sharepoint to store and share company information. To ensure that employees have adequate knowledge to handle the tool applied training. This training should be included in the registration Training and Awareness Plan?
Company allocated temporarily in another company
My company is allocated temporarily in another company. So the internet link, printer, switch and routers are shared, however property of that other company. Should I include these items in my inventory and scope?
SoA and mandatory documents
Category of assets
Measurement of the absolute risk
Hi friends,
Could you help me with the following question please:
To measure the absolute risk, is necessary to evaluate the asset without protections neither controls of any kind, or it is measure with the protections or controls implemented currently on the asset?
Which would be the best approach and why? Which you use and recommend?
Thank so much
Best regards.