Hi friends,
Based on ISO 27001:2013, "Information Security Objectives" refers to 'confidentiality', 'integrity', 'availability', 'non-repudiation', and so on? Is it true?
Additionally, how to measure it? And what would be the plan or framework to achieve them?
Thank you
Best regards
ISO 27001 and ISO 20000
Methodology for the risk assessment & treatment
Searching jobs as internal auditor
Cloud computing
ISMS compatible with software development process
Do you have ISO/IEC 27017 - Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services template for standard? I urgently need a similar document. Thanks
Mandatory documents and records
Does your template contain a big list of assets, threats, vulnerabilities and exposure and probability assumptions as per local crisis reports?
Copy of the ISO 27001 and issues
Scope in the ISO 27001:2013
Does the scope statement need to be updated? If not, will it be considered a non-conformity?
Differences between ISO 22301 & ISO 31000
Thank you for your email. Can you kindly tell me the difference between ISO 22301 & ISO 31000 2009? This is quite new to me (all I know is that they are both risk-based).
Disaster Recovery Plan ISO 27001
There is a document - Disaster Recovery Plan 27001 - included in ISO 27001 Documentation Toolkit. Does this document cover the requirements from Annex A, i.e. A.17 Information security aspects of business continuity management? In this case, in the Statement of Applicability, is it right (and enough) to specify this document as Implementation Method for controls no. A.17.1.1, A.17.1.2, A.17.1.3 and A.17.2.1?