ISO 27001 & 22301 - Expert Advice Community

  • Confidentiality level in Incident Management Procedure

    I’ve just started completing the template “Incident Management Procedure”. I would like to know which “Confidentiality level” I need to write, please?

  • How to get ISO 27001 certification if I have SOC 2 certification already?

    My company has achieved the SOC 2 certification, but I want to know how I can use this to achieve ISO 27001.

  • Contradictions between Toolkits and video tutorials

    We are confused and ask for your clarification of the contradiction we found between ISO 27000 video tutorial 103: ISMS Policy and the Integrated ISO 27000/EU GDPR Toolkit.

    The video tutorial is focused on the Information Security Management System Policy implementation based on a document template from the Toolkit. However, in the Integrated ISO 27000/EU GDPR Toolkit there is a document named Information Security Policy Integrated whose content differs from that shown in the tutorial. The ISMS Policy template is missing in Conformio too.

    There is no video tutorial available for Information Security Policy implementation.

    Are those policies different? Please be so kind to clarify the content contradiction between those two sources.

  • What role should person doing Internal Audit have?

    Does the person doing the Internal Audit need to have an IT Security Job Title or Role?

  • export to PDF of internal audit report

    The PDF is only showing 1 page (essentially a cover page) and not all of the corresponding audit items and relevant details. Is this by design? Can the full audit details be exported to PDF or is this a bug?

  • Cyber Awareness Training

    Thank you. My training is going well. I'm so busy and can't take the training every day. The main thing - implementation.

    1 - How to start? What has to be done first?

    2 - How to start auditing the company on Information Security?

  • ISO 22301 Toolkit - BIA questionnaire questions

    Currently, I have several questions regarding the business impact analysis questionnaire. Let me ask you below.

    1. Should each process (activity) fill part 2 of the worksheet? Or maybe only those that were rated on a scale of 3 and higher in the course of the analysis and also those activities indicated as necessary for their functioning?

    2. With reference to qualitative estimation. In your opinion, is it good practice to define the scale of financial losses as described below for general estimation (point no. 3 of the questionnaire)? Do you often use such a solution?

    1 - less than 1% of monthly revenues
    2 - 1-10% of monthly revenues
    3 - 10-30% of monthly revenues
    4 - over 30% of monthly revenues

    3. If I add revenue ranges in point no. 3 of the questionnaire, should I do this also in point no. 10?

    4. If I have 2 locations in my company that perform the same processes, but separately - independently - should I analyze them separately or collectively? How about averaging the data in one questionnaire?

  • Standard Operating Procedures in ISO 27001

    Which document in ISO 27001 matches a company's Standard Operating Procedures?

  • CONFORMIO - Assets management

    Please be so kind to clarify: given the fact that risk assessment in Conformio can be conducted based on groups of assets, how can we assess each individual asset in Conformio? The same issue is applicable also for threats, vulnerabilities, likelihood, etc. Thank you in advance for the reply.

  • Risk Consultation

    Can I include information security objectives within the risk treatment plan? How should I include the information security objectives in the asset list and then assess the risks and treat them?