
ISO 27001 & 22301 - Expert Advice Community


  • Risk Acceptance Criteria and Residual Risk

    Hi friends, I have a question, if you can help me. I'm establishing the Risk Methodology and I have established the risk levels and the Risk Acceptance Criteria. My question is: is the residual risk explicit in the risk acceptance criteria? Or how can I establish the Residual Risk in my methodology, and its treatment? Thank you so much. Best Regards
  • Which are better ways to test the BCP?

    I have to comply with ISO 27001 requirements related to BCP, and one of these requirements is to test the plan every year. My doubt is the following: in big organizations with thousands of people and a lot of locations, what are the best ways to test the BCP? As far as I know it could be tested through a real test, a walkthrough, and a checklist... Which one is better?
  • Who needs to sign an NDA?

    I'm building up the ISMS and I requested some positions in my company to sign an NDA in the ISMS, but I don't know exactly who has to sign an NDA (e.g. Director, CSO, Security Representative etc…). If I'm the boss, do I have to sign an NDA?
  • How I can build my career in ISO 27k implementation and auditing

    I am an info sec professional with 4 years of experience in penetration testing, secure code reviews, PCI DSS testing for web apps, and a base knowledge of ISO 27k. I would want to seek your advice on how I can build my career in ISO 27k implementation and auditing for organizations. Are you based in the UK? Is there a company that you run and train people on ISO 27K? Since I am passionate and want to build my career as a Lead Auditor for ISO systems, I would want your advice and help along these lines. I am in the UK, currently looking out for job opportunities.
  • Applicable legislation control in ISO 27001

    Do we need to identify only legal requirements related to information security, or all the applicable laws and regulations (including HR, environment, etc.)?
  • How will we evaluate the deliverables of the consultant?

    My organization is currently in the process of selecting a consultant for developing the following: BIA, RA, BC strategy, and BCP. Implementation, training and testing will be done by ourselves.
  • Use old ISO 27001:2005 format for assessing the risks

    Has the VAPT, risk analysis, or risk treatment method changed, or is it the same as in 2005? Can I use the old format to assess the asset register, or do I have to change it? Kindly provide me with a guideline.
  • Competences for business continuity specialists

    In our company we have already implemented and certified ISO 14001 and OHSAS 18001, and there are certain requirements within the assurance process for the competence of the people, like Awareness, Knowledge and Skill levels (this is how we apply the process for HSE competencies). So, I wondered if there are any requirements already available for business continuity specialists.
  • Responsibility for classifying the assets

    I have a question about asset inventory: who is responsible for establishing and assigning the owner of an asset? And, in my company, the assets/information classification is:
  • Information Systems Audit Control

    I would like to know exactly how to implement control 15.3.1 of ISO 27001 (Information systems audit controls). Is it about logging users' activities on systems? Thanks in advance