I have found a tendency to define the IT area as the scope. In this sense, beyond the example you used regarding areas whose services are used by the IT area, I believe there is the problem that IT provides services to the entire organization. Consequently, the information it processes and stores belongs to the rest of the areas of the organization. In fact, the owners of the information are the business areas, and IT is only the custodian. How can the IT area ensure that it has control over, for example, the integrity of the information, if it cannot control how that information is entered into the systems?
Qualitative and quantitative risk assessment
It has been a while; I hope you are fine. Is it allowed to perform both qualitative and quantitative risk assessment when implementing an ISMS?
ISMS for a Manufacturing Unit
I have been following your webinars; they have been very helpful to me. I am now doing my internship, in which I am supposed to audit a manufacturing sector. Kindly provide me your input on how to approach ISMS for a manufacturing unit and how risk assessment can be done. Please help me with web links, documents and templates related to this study.
Controls in Risk Treatment Plan
Hi friends,
I have a doubt: if in the risk assessment I identified that the organization already implemented a control from ISO 27002, is it necessary to include that control in the Risk Treatment Plan?
Thank you.
Best regards
gap analysis for ISO 27001
How can I perform a gap analysis for ISO 27001 in the organization?
Encrypted Messenger app
I am currently programming an encrypted messenger, which encrypts the messages with AES-256. It is open source and free of charge. Do I need an ISO 27001 certificate for this?
Set of assets
In the inventory of assets (for example, hardware and software), I will have many computers with the same configuration and software, and consequently many identical threats and vulnerabilities. In this case, who should be the owner of these assets, and should these assets be repeated in the risk assessment table?
ISO 27001 for a Data Center
A company wants to get certified for ISO 27001:2013 for their Data Center only. What would be the steps to achieve this? What is the implication on the Statement of Applicability document? Thank you in advance for your reply.
Software development company
I have a question about ISO 27001; our company is a software development company. In 14 it says IT services, but in 6.1.5 it says regardless of the project. My question is: in our projects (we develop the code) which have a logging screen, with respect to ISO 27001, do we need to apply secure log-on, password management or event logging if, as a company, we had ISO 27001?
Risk assessment based on processes
How can I modify the risk assessment and treatment methodology in order not to use asset-threat-vulnerability? Regarding risk identification: I want to identify risks using processes, departments and categories of assets, not individual assets.