how i can perform gap analysis for ISO 27001 in the organization?
Encrypted Messenger app
I program at the moment on an encrypted Messenger, which the news about AES-256 encrypted. This is open source and free of charge. Do I need an ISO 27001 certificate for this?
Set of assets
In the inventory of assets, for example hardware and software, I will have many computers with the same configuration and software consequently many threats and vulnerabilities equal, in this case who should be the owner of these assets and the risk assessment table these assets should be repeated?
ISO 27001 for a Data Center
A company wants to get certified for ISO 27001:2013 for their Data Center only. What would be the steps to achieve this? What is the implication on the Statement of Applicability document? Thank you in advance for your reply.
Software development company
I have a question about ISO27001, our company is a software development company. In 14 it says it services but in 6.1.5 it says regardless of the project. My Question is in our projects(we develop the code)which have a logging screen, with respect to ISO 27001 do we need to apply secure log-on password management or event logging if as a company we had a ISO 27001.
Risk assessment based on processes
How can I modify the risk assessment and treatment methodology, in order to not use asset-threat-vulnerability? Regarding Risk identification: I want to identify risks using processess, departments and category of assets - not individual assets.
Confining a registrar to the scope that has been defined
How does one go about confining a registrar during the audit to the scope that has been defined? Ive experienced an auditor who seems to be attempting to expand ISMS scope beyond the internally agreed upon scope. We are limiting scope of the ISMS to the ***; nothing more nothing less.
Record maintenance system
A follow up question? I dont think we have a record maintenance system?! Can you give me example of such systems. Can we use sharepoint for this?
Business Continuity Assessment
Dejan do you have any webinar's that focus on conducting a Business Continuity Assessment using the ISO22301 standard? This would be used for companies that have an existing BC Program to provide improvement opportunities to strengthen there existing program.
Include controls in the SOA
In inclusion of controls in Annex A, what possibly could be the justifications if we cant find any justifications from risk assessment, legal requirement, contractual requirement or business requirement/best practice?