Good day, I would like to know if I am on the right track with the documentation that the Auditor will request for the ISO 27001:2013 Certification
Storage of password
What does ISO 27001 say about the protection and storage of passwords? For example, I have the passwords of a very sensitive server of the company and have to leave them stored somewhere in case someday I'm not available. Does the standard require some action for this?
Keep information security
In order to keep information secure, we chose to use SharePoint to store and share company information. To ensure that employees have adequate knowledge to handle the tool, we applied training. Should this training be included in the Training and Awareness Plan record?
Company temporarily located in another company
My company is temporarily located in another company. So the internet link, printer, switches and routers are shared, but are the property of that other company. Should I include these items in my inventory and scope?
SoA and mandatory documents
Category of assets
Measurement of the absolute risk
Hi friends,
Could you help me with the following question please:
To measure the absolute risk, is it necessary to evaluate the asset without protections or controls of any kind, or is it measured with the protections or controls currently implemented on the asset?
Which would be the best approach and why? Which do you use and recommend?
Thanks so much
Best regards.
Integrate policies
Currently I have encountered one problem, which is that the "Policy" of an ISMS is quite high level, while for our day-to-day work we follow some kind of "SOP", which is much lower level and detailed. So my doubt is: how can we integrate these two?
Methodology based on ISO 27001 and ISO 27005
What's your methodology for risk assessment... CRAMM ... NIST 800-30?