Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Implementation guidance ISO 27002
I guess this is a basic question, but I would like to know your opinion about it. Are the implementation guidance of controls described in ISO 27002 mandatory or, as the name indicates, only a guide? -
Is equipment in data center to be considered as assets or controls?
I got a question in relation to Information Security. If you own your own data centre, would you consider data centre controls such as fire suppression system, UPS, power generators, humidity controls as assets (for the purpose of risk assessment)? Or would you consider them as controls implemented to mitigate risk of system availability due to fire, power outage ? -
Definition of asset in ISO/IEC 27000:2014
I just realized that there is no longer definition of asset in ISO/IEC 27000:2014. Could you please tell me why? -
Asset owner for the personnel
Who would be the proprietary of the asset "personal"? I have identified to "personal" as a critical asset within my ISMS, but I don't know who would be the propietary of this asset. -
Does the Impact Reduce When applying Controls
Relocating to less storm prone area. -
Information security policy vs. Acceptable use policy
What is the big difference between the Information Security Policy and the Acceptable Use Policy? -
Licensed software in ISO 27001
I have one question to ask you that, ISO27001 it does say need to use all License Version instead of pirated(Cracked) ? please confirm same. -
Information and Classification Policy
While we were writing this policy we have come up with the solution to have three level classification - client confidential, business confidential and public. -
Policy Version Control
Hi, Our organization ISO 9001 & 27001 certified. Tow year before we are implemented the incident management policy, the policy version number is (Ver 1.0). Last year as per the management direction the information security incident management policy was migrated with QMS policy. Owing the information security incident management policy was obsoleted. Current financial the QMS incident management policy is not effective, hence the management decided that, the information security incident management bring back to live. Please guide us, what is the version I can provide the policy. Because the existing one already obsoleted. Now I can provide the version number from the start or I can follow the old version number. If you suggest follow the old version number or new version number means, provide the valid reason for the same. We can communicate to the management. Thanks in advance. G Thanikachalam -
Difference between clauses 5.1.e and 6.1.1.a of ISO 27001:2013
In ISO/IEC 27001:2013 Standard do you see any difference between Section 5.1.e and Section 6.1.1.a or both are same ?