Get a 20% discount on the first year of the Company Training Academy annual plan.
Limited-time offer – ends April 24, 2025
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Disruption or Disaster?
Which criteria i can use in my DRP Plan to identifiy if a event is a disruption or disaster? I mean, define criteria to activate or not my DRP. -
Definition of Physical and Tehnical security and responsibilities
Glad I am join to this community. Here is my question: What is your definition of Physical and Tehnical security? What are areas which belongs to Physical and Technical security? How Financial institution should organise those security areas? I have not found specific definition, also I am not sure how responsibility should be delegated between CISO, CIO, Tehnical department... Physical access control, alarm central, antifire control, money transfer, UPS...Does it belongs to Physical or Tehnical security? Who is responsible? -
Difference between plans
Hello Dejan, What are the main difference between the business continuity plan, Incident response plan and recovery plans in your toolkit? For my DRP (IT Recovery), what are the more appropriate? -
Matching threats and vulnerabilities
Currently I'm doing Risk Assessments in my organization using your "Risk Assessment Table". I find it very difficult when it comes to matching Threats to Vulnerabilities. As you know I'm doing the assessments with System/Process owners or Department managers and this exercise needs a lot of corporation from them. I was wondering if it is possible to make this a much simpler approach. Like If a particular threat is selected only the vulnerabilities related to that threat will show up in the Vulnerabilities column, so it is much easier to match rather than scrolling through the whole list. Please advise on making this task simple. -
How can I approach the certification body to gain audit experience
I am started to learning of ISMS-ISO27001 controls and successfully completed the ISMS-Lead auditor course. How can i approach the certification body to gain my audit experiences and to became a lead auditor? Please give your valuable suggestions. -
Where to start from as a new CISO
Soon I'll achieve a position of CISO in a commercial organization. What should I start from on this position? What shall I do first? -
ISO 27001:2013 and KPIs
The iso 27001:2013 states that a organization shall use kpi's. Where in the toolbox can i find those kips? -
Roles and ResponsibilitiesAssets and risk assessment
The toolkit refers to several different positions, however every organization distributes it repsonsbilities the same way. Is there a comprehensive list of the required/needed areas of responsbilities so I can align that to the titles in my organization?hi, if I have lets say database server, i will consider it as one asset? or I have to add the server as asset and the database (oracle or sql) as another asset? and do I have to do it twice if I have one development database server and one production server? thank you -
Difference between the internal audit and the risk assessment
How does a risk assessment approach differ from that of an internal audit based on Iso27001? -
Certification body Interview
Hi Dejan, I need your help in a matter, we will have a first interview with a certification body for ISO 27001 certification next week, and I wonder what kind of questions should we ask them? what should we discuss exactly? NB: They have already sent us the offer of certification and we need to held a meeting before signing the contract Many Thanks