We are in the process of implementing ISO27001 and I am looking at the RA methodology. I have 2 questions.
1. We will likely be defining our RA methodology as the following:
List of Assets
What are the vulnerabilities of each asset?
What threats could exploit each vulnerability?
What is the consequence?
What is the likelihood?
= Risk Level
Does this make sense in the context of 27001? And:
2. In order to protect the C.I.A of information, should we conduct these Risk Assessments for each of confidentiality, integrity and availability? For instance:
If our asset is company mobile phones, the vulnerability is asset security, the threat is theft, the consequence is unauthorised access to information and the likelihood is 1, for example (highly unlikely). Should we conduct separate assessments for the loss of each of confidentiality, integrity and availability, as theoretically it would affect all 3 in this case, or does the one with the highest risk level suffice?
Communication Plans
I would like to ask about the communication plan.
ISO 27001 how to assign risk value
I have a query related to ISO 27001. In ISO 27001:2005 the risk value was assigned to the asset risk, but in ISO 27001:2013 is the risk value assigned to the owner of the asset risk, instead of the asset risk itself? If yes, then how can the value be assigned to the owner of the asset risk?
Controls and Clauses Related to BYOD
Hi
I am new to ISO 27001 and still learning, so kindly excuse me if the question appears to be lame or vague. I wanted to know:
1) What are the clauses and controls related to BYOD?
2) How should we approach BYOD from the ISO 27001 perspective, and what are the things to keep in mind while doing so?
3) What should be the Risk Management approach for a BYOD solution?
I think that it does not come under the mandatory documents.
Thanks and Best Regards
Ravi
Control A.17.1.1 in ISO 27001
I have one question related to the BCP part of the norm: Control 17.1.1: "Information security requirements should be determined when planning for business continuity and
How to become ISO certified for myself
I would like to try and get certified in ISO for myself to add to my CISSP and other certs. I have the latest ISO docs from ISO itself, so how would you recommend I go about it?
CISO role
1. What happens if the organization does not have a CISO and the COO/CTO is responsible for the security? Can we use COO/CTO in the templates instead of CISO wherever it is applicable?
security audit of a hypothetical supplier
My company is an Insura
Hello,
I just want to know what is the best way to apply an audit process for one supplier, and what is the most important thing that I have to take into consideration according to my core business? Thanks so much... I'm new in the area and Dejan is now my best friend. Thanks Dejan.
All the best, Victor...
To whom to handover confidential data in case of a disaster?
In ideal conditions we have a management team who is authorized to access particular data. But during a disaster (fire, flood, breakdown, attack, etc.) how do we manage these important files, or to whom do we have to hand over any confidential data?
Mandatory processes
In ISO 27001 there are mandatory procedures, such as the audit process, but is that the same in ISO 27002? If so, what are the mandatory procedures and references?