ISMS Implementation using ISO 27001 version 2005 or 2013
In order to start a new ISO 27001 implementation, can it make sense to begin using the old 2005 methodology and then migrate to the new 2013 set of controls? My question is due to the fact that it can be easier to perform analysis and checklists in the old and well-known way, instead of learning the new method at all. During the conversion phase, analysts can gain more confidence with the new standard and with its differences from the 2005 release...
Preparation plan as part of Business continuity strategy
In the Preparation plan template, there is one column on the method for evaluation of results, and I would need your advice on what would be the recommended/suitable methods for the evaluation of results.
Quantity and quality of ISO 27001 documentation for certification audit
I have a question about the ISO 27001 certification process. I got the list of mandatory documents and registers. However, I want to know your feedback regarding the certification process. Could a certifier evaluate the quality of these documents and registers? Or does he only evaluate the completeness and quantity? I have always had this question. Does the process want both things? What should I take into consideration for this process?
Query regarding Server access and related Risks
Hi,
One of our customers is asking for access to a server to access source code. Our networks team suggested opening port 22 to give access to the servers.
I wanted to understand the risks of this approach, and whether it is good practice to give access to source code.
Is clause 7.2 Competences of personnel mandatory in ISO 22301?
I have been reading your book Becoming Resilient: ISO 22301, and I am enjoying it, but I have a doubt: why is clause 7.2 Competences of personnel in the list of mandatory documents? I believe clause 7.2 is non-mandatory because it is within the Awareness and Training Plan. I checked it, and clause 7.2 is also in the non-mandatory list. What is the reason for this clause being in two lists?
ISMS scope in Quality Manual
Should the ISMS scope have its own document, or can it be combined with the quality manual if they have already implemented ISO 9001?
Assessment of processes
Hello,
I am currently assessing some processes in our ISMS. Can you please help me with some questions to ask, or some threats/vulnerabilities compromising the availability, confidentiality and integrity of a process?
Many Thanks
Information security incident management categories
Hello,
There are several categories of information security incident management related to IT, e.g.:
- Denial of service attack
- Illegal use of software
- Malicious code
- Spam
- ...etc
I'd be grateful if you could list some IS incident categories other than IT security incidents, for example:
- Physical interference in secure areas
- Loss/Theft of laptop ...
Thanks in advance
Secure system engineering principles (clause A.14.2.5)
Dear Dejan,
could you please tell me what document or action should I prepare for the Secure system engineering principles (clause A.14.2.5) ?
Thanks in advance
Gökhan
Connection between BCP and security
Dear Mr. Kosutic,
Our CISO and Organisational Officer both see the close connection between BCP and information security in the 27001 standard. The question is whether to put the CISO and BCP together in our organisation (perhaps in Compliance) or not. Do you see the connection between them in the 27001 standard, and where (how to argue that)? I work in a financial institution (bank).
Thank you in advance and best regards!