There are some tasks that you need to perform to maintain the ISMS; for more information, please read this article: "How to maintain the ISMS after the certification":
1. How to use ISO 27001 for an assessment around the firewall in a company.
2. How can I look into the governance around 3rd parties that the company works with, including those that they use for penetration testing (using ISO 27001)?
I would like to know about ISO 27001 courses for beginners. I have made some awareness presentations during my organization's internal audits, so I already have an introduction to ISO 27001.
Could you please send me a guidance document on ISO 27001 courses for beginners rather than webinars, because I want to read the details?
Finally, all our resources (articles, webinars, ebooks, templates, etc.) will give you knowledge about information security (and also business continuity) that you can use to acquire knowledge and become a consultant or lead auditor of ISO 27001. So, we recommend that you review all our resources, and please feel free to ask us any questions.
Pre-certification audit
The subject heading should give you an indication of what I need. What time frame am I looking at for implementing and conducting the pre-certification audit for an IT company of about 30 individuals? Can you perhaps send me an example of an ISMS? That would be very helpful.
Answer:
Sure, you will have our help. A pre-certification audit is not required by the standard (before the certification audit, only the internal audit is necessary), but it can be interesting for your company because it can give you feedback about the situation and the level of compliance of your company, which can also help your company face the certification audit better.
This article can be very interesting for you, "Becoming ISO 27001 certified: How to prepare for certification audit": https://advisera.com/27001academy/iso-27001-certification/
Also, this article can be interesting, "Should your company go for the ISO 27001 / ISO 22301 certification?": https://advisera.com/27001academy/iso-27001-certification/
And finally, this article about deviations in the audit (you need to avoid major nonconformities) can be interesting for you, "Major vs. Minor nonconformities in the certification audit": https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
Finally, regarding the example of an ISMS, you can see our templates (you can see a free version by clicking on the Free Demo tab): https://advisera.com/27001academy/iso-27001-documentation-toolkit/
Functionalities of external auditor
Can I know the functionalities of an external auditor?
Answer:
Basically, to review that all requirements established by the standard are in place in the organization. To do this, the lead auditor needs to perform interviews with staff of the organization, perform tests of security control compliance, review documentation, etc. Finally, at the end of the audit the lead auditor also needs to develop a report with all deviations detected, and it needs to be presented to the company.
If you are interested in becoming a lead auditor, this article can be interesting for you, "How to become ISO 27001 Lead Auditor": https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
Finally, maybe this article can be interesting for you, "Infographic: The brain of an ISO auditor - What to expect at a certification audit": https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/
Risk Treatment Plan and SOA
1. I would like to know how to prepare a risk treatment plan in general. Is there any template with the fields I should consider, or recommendations on how to do it? I am about to get certified as an ISO 27001 Internal Auditor and I have this question.
2. I have seen that there are several SOA formats; which columns should I definitely include in my Statement?
Please, I would like to know if the tutorials and seminars you provide on your website are enough to land one a job in the Information Security Management industry. I would also appreciate it if you could advise me on the areas where one could focus in order to get a job in the Information Security industry.
Answer:
All our resources (articles, webinars, ebooks, templates, etc.) will give you knowledge about information security (and also business continuity) that you can use to work in jobs as a consultant or lead auditor of ISO 27001 (they are the main areas related to information security where you can work). So, we recommend that you review all our resources, and please feel free to ask us any questions.
Regarding the consultant, this free webinar can be interesting for you, "How to become an ISO 27001 / BS 25999-2 consultant": https://advisera.com/27001academy/webinar/become-iso-27001-bs-25999-2-consultant-free-webinar/
And regarding the lead auditor, this article can be interesting for you, "How to become ISO 27001 Lead Auditor": https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
Knowledge about ISO 27001
I have a problem relating to human resources before implementing ISO 27001. People in my company have different levels of understanding of the security of ISO 27001. So how can I implement any technology with the right expectations?
Answer:
It is not necessary that all people in the ISMS have expert knowledge about ISO 27001, or expert knowledge about technology, so here it is important to train all people in the basics of information security. To do this, I recommend that you see our free resources, for example the "Why ISO 27001" awareness presentation here (you can also use the presentation to train your staff): https://advisera.com/27001academy/free-downloads/
About the technology, you need people in your company to implement certain security controls which are directly related to technology, but basic knowledge is enough (for example, knowledge about backups, access control, firewalls, anti-virus, etc.). This article about firewalls can be interesting for you, "How to use firewalls in ISO 27001 and ISO 27002 implementation": https://advisera.com/27001academy/blog/2015/05/25/how-to-use-firewalls-in-iso-27001-and-iso-27002-implementation/
Finally, this page about what ISO 27001 is can also be interesting for you: https://advisera.com/27001academy/what-is-iso-27001/
Also, this article can be interesting for you, "4 reasons why ISO 27001 is useful for techies": https://advisera.com/27001academy/blog/2012/10/22/4-reasons-why-iso-27001-is-useful-for-techies/
Pass the certification examination
Please, what are the things I need to know about ISO 27001 in order to pass the certification examination?
Time to implement the transition from 2005 to 2013 revision of ISO 27001
Answer:
The timing depends on various elements, but generally the transition time will take you one third to one half of the time it took you to initially implement the standard.