
  • What is ISO 27001


    What are the requirements of ISO 27001?

     

    Answer:

    Here you can find information about the elements that ISO 27001 is made up of. You have to click on the "¿Cómo es?" ("What is it like?") section on the following page, "¿Qué es norma ISO 27001?" ("What is ISO 27001?"): https://advisera.com/27001academy/es/que-es-iso-27001/

    And if you are interested in implementing the standard in your organization, this article (in English) may be of interest to you, "ISO 27001 implementation checklist": https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
  • Security certifications


    I am keen on taking some Security Audit Certifications. One that I have come to know of is ISO27001 / CISA. I am sure there would be other courses too which can help me boost my career profile.
    1. May I request your expert advisors to guide me on the same so that I can make a decision and start?
    2. What are the differences between ISO 27001 Lead Auditor, ISO 27001/IT auditors and ISO 27001/information security consultants?
     

    Answer:

    Point 1: Yes, you can arrange a 30-minute free consultation with our expert: https://advisera.com/27001academy/consultation/ Anyway, one important thing is that "computer security" (more related to technology) is not the same as "information security" (more related to management). So, ISO 27001 and CISA are certifications related to information security, but if you are interested in computer security, maybe "CEH (Certified Ethical Hacker)" or "CPTE (Certified Penetration Testing Engineer)" can be interesting for you. Anyway, regarding ISO 27001 and CISA, this article can be interesting for you, "CISA vs. ISO 27001 Lead Auditor certification": https://advisera.com/27001academy/blog/2015/05/11/cisa-vs-iso-27001-lead-auditor-certification/
    Generally ISO 27001 Lead Auditor is easier and can help you learn basic concepts about information security, so my recommendation is that you start with this. In this case, please read this article, "How to become ISO 27001 Lead Auditor": https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
    Point 2: IT auditors are more related to technology; remember, for example, CEH and CPTE. Regarding ISO 27001 Lead Auditor or consultants, please read this article, "Lead Auditor Course vs. Lead Implementer Course – Which one to go for?": https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
  • More information about ISO 27001


    Where can I find a new or latest blog post about the mandatory procedures for an ISMS according to the new version,
    which is ISO 27001:2013? It's better to remove the old version, because I was about to follow that, and I just looked at the date, which was 2010. I am just trying to implement this standard along with 9001 in a company, and this website is really helpful.
     

    Answer:

    Regarding the question about mandatory procedures in ISO 27001:2013, you can read this article, "List of mandatory documents required by ISO 27001 (2013 revision)": https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
    All the information that you can find in our blog is in accordance with ISO 27001, although there are more recent articles. You can see the latest here: https://advisera.com/27001academy/blog/
    Regarding the question about ISO 9001 and ISO 27001, this article can be interesting for you, "Using ISO 9001 for implementing ISO 27001": https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
    Finally, keep in mind that ISO 9001 is being updated, and the final version is expected by the end of 2015. The structure of the new ISO 9001:2015 is more similar to ISO 27001:2013, so it will probably be easier to implement both. I think that in this webinar you can find information about this, "ISO 27001 implementation: How to make it easier using ISO 9001": https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/
  • Information Security in Project Management


    I would like to know which policy/procedure document 'Information Security in Project Management (A.6.1.5)' should be part of. I read the blog but didn't get any information related to that.
     

    Answer:

    It should be part of the project plan, or also of the security policy, although this is not established in the standard and is only a recommendation. Anyway, it is not mandatory to have a document for this control; you can see the list of mandatory documents here, "List of mandatory documents required by ISO 27001 (2013 revision)": https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
    Anyway, for more information about security in project management, please read this article, "How to manage security in project management according to ISO 27001 A.6.1.5": https://advisera.com/27001academy/what-is-iso-27001/
  • ISMS Manual


    I am sending this email to ask you about the changes in the ISMS Manual based on the ISO 27001:2013 version. We have a developed ISMS manual based on the 2005 version but are now migrating to 2013.
    Q1: Is it required to modify the whole ISMS manual, as the requirements in the ISO 27001:2013 version are quite different from ISO 27001:2005 (e.g. the 2005 version is developed using the PDCA approach, but 2013 doesn't talk anything about it, though we're using the same approach)?
    Q2: Do we need to update the manual using the same chapter names as in 2013?
     

    Answer:

    Point Q1: The ISO 27001 Manual really is not necessary; I mean, it is not a mandatory document. You can see all mandatory documents in this article, "List of mandatory documents required by ISO 27001 (2013 revision)": https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
    This article can also be interesting for you, "Is the ISO 27001 Manual really necessary?": https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/
    About your question related to the PDCA, it is not expressly shown in the standard, but it is in it. Please read this article, "Has the PDCA Cycle been removed from the new ISO standards?": https://advisera.com/27001academy/blog/2014/04/13/has-the-pdca-cycle-been-removed-from-the-new-iso-standards/
    Point Q2: Although the Manual is not mandatory, you can maintain it if you want. In this case, I think that the right way is to adapt it to the structure of the new standard (see the clauses in the article above).
  • Plan for the implementation of procedures and controls


    My Customer is requesting a documented plan for the implementation of procedures and controls. What kind of document should that be?
     

    Answer:

    You can use this brief step-by-step guide for the implementation of procedures and controls, "ISO 27001 implementation checklist": https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
    You can also use our free resource “Project checklist for ISO 27001 implementation (MS Word)”. You can find it in our free downloads section : https://advisera.com/27001academy/free-downloads/
  • Application service transactions


    14.1.3 – ISO 27001 – Application service transactions and their controls. Based on the 2013 version and the new control definition, I think it's no longer about e-commerce, but a wider application service banner.
    Please let me know what "Application Service transactions" means. I tried doing some googling but didn't get much.
     

    Answer:

    Application service transactions generally means any transaction that involves the exchange of information through a network between 2 applications: for example, as you know, e-commerce, but also financial transactions between banks, or between an entity and a bank; database transactions (for example, 2 databases that are synchronizing information through the Internet); or an ERP that is connected to an external site to which it sends or from which it receives information.
    Anyway, remember that it is not necessary here to have a specific document for this control; if you want to know the list of mandatory documents required by ISO 27001:2013, please read this article, "List of mandatory documents required by ISO 27001 (2013 revision)": https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
  • Compliance with clauses 7.1 and 8.1 of the standard


    One additional favor: for compliance with clauses 7.1 and 8.1 of the standard, what kind of evidence is generally used to meet this requirement?

     

    Answer:

    Regarding clause 7.1: You need evidence about the resources the company has for establishing, implementing, maintaining and continually improving the ISMS. Therefore, you need records about people: competence (for example, job profiles), awareness (for example, records of attendance at courses); financial resources (budgets); IT resources (capacity plans), etc.
    Regarding clause 8.1: You need records about the approval of the information security objectives, the project plan and outsourced processes, and you also need records about the approval of any changes to these.

    Finally, this article about the documents and records that are mandatory (and non-mandatory) may be of interest to you, "Lista de documentos obligatorios exigidos por la norma ISO 27001 (revisión 2013)" ("List of mandatory documents required by ISO 27001 (2013 revision)"): https://advisera.com/27001academy/es/blog/2015/05/04/lista-de-documentos-obligatorios-exigidos-por-la-norma-iso-27001-revision-2013/
  • Download controls


    ISO 27001:2013, how do I download the 14 controls? I want the controls with descriptions.
     

    Answer:

    There are 114 controls structured in 14 domains; here you can see an overview of them, "Overview of ISO 27001:2013 Annex A": https://advisera.com/27001academy/iso-27001-controls/
    And sorry, but we do not have a description of each control, because you can see this information in the ISO 27001 standard. Furthermore, we cannot give the full text of the controls because this would breach intellectual property rights. So, you can buy the standard here: https://www.iso.org/standard/54534.html
    Anyway, the Statement of Applicability shows the applicability of each control, so this document can also be interesting for you. You can see it here (see a free version of the document by clicking on the "Free Demo" tab), "Statement of Applicability": https://advisera.com/27001academy/documentation/statement-of-applicability/