ISO 27001 & 22301 - Expert Advice Community

  • Evaluation of the impact of the identified risks

    I wonder if the evaluation of the impact of the identified risks and the impact assessment process use the same criteria and the same tolerance, or whether there is a difference, and what happens when we evaluate a process that can generate a high impact, but the assessment of these risks is that they are unlikely, and the residual risk is low.
  • Roles and responsibilities

    Should the ICT service continuity process and disaster recovery plan be managed away from the BCM department, i.e. should they do their risk assessment without my involvement as the BCM department, or am I the one who should be responsible or accountable for this? I am feeling confused regarding the roles and responsibilities of the ICT department and my role as the BCM department.
  • ISMS for scratch card manufacturing unit

    What controls will not be applicable for a scratch card manufacturer? Can you point out any general resource for an ISMS for such a unit?
  • Logs management

    I asked one doubt at the webinar.
  • All the controls for development, maintenance, support

    Hi, we are a company that develops software (for ourselves and for clients). 1. Shall all the controls for development, maintenance and support be applied for our products and for the products we develop for ourselves to support our business, or only for the products we develop for ourselves? For example, secure development policy or technical vulnerability check: shall these controls be applied to the products, or to the software we develop to support our business? If we include our products (that we develop for clients) in the scope, what are the consequences for implementation? Regards,
  • Risk Assessment Methodology

    We are in the process of implementing ISO 27001 and I am looking at the RA methodology. I have 2 questions.

    1. We will likely be defining our RA methodology as the following:
       - List of assets
       - What are the vulnerabilities of each asset?
       - What threats could exploit each vulnerability?
       - What is the consequence?
       - What is the likelihood?
       = Risk level
       Does this make sense in the context of 27001? and
    2. In order to protect the C.I.A. of information, should we conduct these risk assessments for each of confidentiality, integrity and availability? For instance: if our asset is company mobile phones, the vulnerability is asset security, the threat is theft, the consequence is unauthorised access to information and the likelihood is 1, for example (highly unlikely). Should we conduct separate assessments for the loss of each of confidentiality, integrity and availability, as theoretically it would affect all 3 in this case, or does the one with the highest risk level suffice?
  • Communication Plans

    I would like to ask about the communication plan.
  • ISO 27001 how to assign risk value

    I have a query related to ISO 27001. In ISO 27001:2005 the risk value was assigned to the asset risk, but in 27001:2013 is the risk value assigned to the owner of the asset risk instead of the asset risk itself? If yes, then how can the value be assigned to the owner of the asset risk?
  • Controls and Clauses Related to BYOD

    Hi, I am new to ISO 27001 and still learning, so kindly excuse me if the question appears to be lame or vague. I wanted to know: 1) What are the clauses and controls related to BYOD? 2) How should we approach BYOD from the ISO 27001 perspective, and what are the things to keep in mind while doing so? 3) What should be the risk management approach for a BYOD solution? I think that it does not come under the mandatory documents. Thanks and best regards, Ravi
  • Control A.17.1.1 in ISO 27001

    I have one question related to the BCP part of the norm: Control 17.1.1: "Information security requirements should be determined when planning for business continuity and