In the "Mandatory documents and records required by ISO 27001:2013" section on the iso27001standard website, a document called "Operating procedures for IT management" is mentioned. However, the associated control (A.12.1.1) simply says "Documented operating procedures: Operating procedures shall be documented and made available to all users who need them" and mentions nothing about "IT management", so I'm wondering where that term came from.
Question about ISO 27002
Why is it necessary to use ISO 27002 if you are just certified to ISO 27001?
Which assets to assess during the risk assessment
My client is currently in the gap analysis phase of ISO 27001. The question I have is: they have over 500 business applications. Do we need to risk assess all 500 applications?
How to learn about infosec?
I have little or no experience in infosec, but I want to get into this area. Any tips?
ISO27001:2013 A.14.1.3 - Protecting application service transactions
Hi,
For control A.14.1.3 -
"Information involved in application service transactions shall be protected to prevent incomplete transmission, mis-routing, unauthorized message alteration, unauthorized disclosure, unauthorized message duplication or replay."
I'm not clear exactly what this is asking and how it applies to us. Our company builds and manages cloud-based software, and internally we use both cloud-based and on-premise applications, so I expect that it will relate to these. But I'm not sure how. Can anyone please give me an example of how this control is implemented in their environment? Alternatively, a better explanation of exactly what this control means would be great.
Regards
Damian
If a UK parent company is ISO 22301 certified, is the US subordinate company also covered?
About ISO 27003 for ISO/IEC 27001:2013
I have a question if you can help me please: Is ISO/IEC 27003:2010 usable for implementing ISO/IEC 27001:2013, or is it applicable only to the 2005 version?
Documents of external origin
I have a question about something in the "Procedure for document and record control" document, Section 4, titled "Documents of external origin". Being such a small shop, I wonder if this is necessary for us. Can you give me an example of what kind of documents are tracked in the mail register?
Secure Development Policy (control 14.2.1)
Hi Dejan.
In the ISO 27002:2013 standard, in the new control 14.2.1 (Secure Development Policy):
1. What is the meaning of secure repositories?
2. What is the meaning of revision control in "f) security in the version control"? Does it mean the version of the software that is being developed?
3. Please explain how to consider security in the software development life cycle.
Best Regards
ISO 27001 certification
I have a prospect working towards 27001 certification, but they are using the 2013 revision and I am still on the 2005 revision. I have read your blogs on the changes, etc., but have not yet purchased the updated standard. Can you tell me if the 2013 revision still refers to 11 security control clauses, or has that number changed?