I do not understand what the small, exact difference is between cyber security and information security.
ISO 22301 Implementation
How do we implement ISO 22301 within a company without ISO 27001? What are the challenges or hurdles that we might face? We currently have basic BC/CM planning. Thanks.
Asset Identification
ISO 27005:2011 Annex B Section 1.2 describes a process for asset identification that classifies primary and secondary assets, which seems to be in contradiction to the Risk Assessment Categories that are in the 27001 Academy templates. I have been working to identify assets using the ISO 27005 methodology, which focuses the primary assets on information assets rather than the secondary assets, which are more people- and equipment-based (which is how the template categories are defined). I think the primary information assets approach works well for my company, as we are a software product company where the assets we have to secure are more centred around software, source code and customer data rather than physical equipment. My question is: having identified and assessed the primary information assets, do I simply continue and assess the threats and vulnerabilities related to the secondary assets, or is it sufficient to assess the primary assets, with the implication that the secondary assets will be covered by the primary assets?
Thanks
William Owen
Regarding NC
I have one doubt about the ISO 27001 certification audit. They give nonconformities and observations. Do they give NCs and observations on the basis of 27001, 27002, or both?
Regarding "information security objectives and planning to achieve them"
There is a requirement to document information security objectives and plans to achieve them.
ISO 27001-2013 - Amended Version
Yesterday we received an amended ISO 27001-2013 showing an amendment to Annex A A.8.1.1
BIA MTPD Calculation
Hello Dejan,
Would you be able to tell me where I go again to review the online video of how to fill out the BIA template? I watched it some time ago but had to put things aside for a while, and now I am back at it again. I seem to be stuck on the BIA report, trying to determine how to come up with the MTPD.
Thanks,
Luc
BIA & RA Review Period
Please let me know if business impact analysis and risk analysis can be reviewed/updated every 2 years or when there is a significant change in the business. Most BCP experts recommend that these need to be reviewed/updated at least annually.
ISMS Scope Question
While establishing an ISMS for an Information Security department, should I include HR/Finance (and all supporting divisions) as a third-party component, as they are feeding services to the IS Department (the only department in scope)?
Control 17.2 Redundancies
I have some confusion regarding Control 17.2, Redundancies. My ISMS scope covers all monitoring systems (EMS - Element Monitoring System) which reside in the data centre, approximately 20 EMSs in total, but not all EMSs have redundancy. For the EMSs that have no redundancy, the existing recovery plan is only to retrieve the backup file. Is this plan sufficient to meet the requirement for control 17.2?