Search results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Knowledge about ISO 27001


    I have a trouble relating to the human resource before implement ISO 27001. People in my company have the difference level about understanding security of ISO 27001. So how to implement any tech with the right expectations.
     

    Answer:

    It is not necessary that all people in the ISMS have an expert knowledge about the ISO 27001, or have expert knowledge about technology, so here it is important to train all people in basic terms about information security. To do this, I recommend you to see our free resources, for example “Why ISO 27001 – Awareness presentation” here (you can also use the presentation to train your staff): https://advisera.com/27001academy/free-downloads/ . 
    About the technology, you need people in your company to implement certain security controls which are directly related with technology, but it is enough with basic knowledge (for example, knowledge about backups, control access, firewalls, anti-virus, etc). This article about firewalls can be interesting for you “How to use firewalls in ISO 27001 and ISO 27002 imple mentation” : https://advisera.com/27001academy/blog/2015/05/25/how-to-use-firewalls-in-iso-27001-and-iso-27002-implementation/
    Finally this page about what is ISO 27001 can be also interesting for you: https://advisera.com/27001academy/what-is-iso-27001/ 
    Also this article can be interesting for you "4 reasons why ISO 27001 is useful for techies" : https://advisera.com/27001academy/blog/2012/10/22/4-reasons-why-iso-27001-is-useful-for-techies/
  • Pass the certification examination


    Please what are the things I need to know about ISO 27001 in order to pass the certification examination?

     

    Answer:

    We have a free webinar in our blog that will give you interesting information “ISO 27001 Lead Auditor Course preparation training” : https://advisera.com/training/iso-27001-lead-auditor-course/ 
    Also this article can be interesting for you “How to become ISO 27001 Lead Auditor” : https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
  • Time to implement the transition from 2005 to 2013 revision of ISO 27001


    Answer:

    The timing depends on various elements, but generally the transition time will take you one third to one half of the time it took you to initially implement the standard.

    You'll also find these materials useful:

    ISO 27001 / ISO 22301 Implementation Duration Calculator https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/
    How to make a transition from ISO 27001 2005 revision to 2013 revision https://advisera.com/27001academy/blog/2013/10/14/how-to-make-a-transition-from-iso-27001-2005-revision-to-2013-revision/
  • ISO 27001 and knowledge about technology


    I am coordinating for ISO 27001 external audits for past 11 months, I heard that for undergoing ISMS Lead Auditor training you should have experience in Information Technology. I dont have any experience in Information technology domain. Still can i undergo that training.
     

    Answer:

    The ISO 27001:2013 is based on information systems and technology (as you know, the Annex A has 114 security controls, although there are some controls not related with technology, for example all about humans resources, supplier relationships, compliance, etc),  and it is a good point to have knowledge about technologies, but it is not strictly necessary. So, I think you can perform the ISMS Lead Auditor training without problems. Please, read this article “How to become ISO 27001 Lead Auditor” : https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
    Also this free webinar can be interesting for you “ISO 27001 Lead Aud itor Course preparation training” : https://advisera.com/training/iso-27001-lead-auditor-course/
  • ISO 27001 powerpoint presentation

    I think that the best presentation for an awareness that can help you is “Why ISO 27001 – Awareness presentation”. You can find it in the free downloads section: https://advisera.com/27001academy/free-downloads/
    Also this article can be interesting for you “How to perform training & awareness for ISO 27001 and ISO 22301” : https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
    Finally you can get the Division of tasks & time plan here: https://advisera.com/27001academy/consultants/
  • ISO 22301 into ISO 27001


    Send me a doc..about how to fit BCM ISO 22301 into ISO27001 to my mail 
     

    Answer:

    I suppose that you want to implement ISO 22301 in an organization which also has the ISO 27001. If so, there are some common points that you can take advantage, but definitely you will need to develop new documents. Here you can see a list of mandatory documents of ISO 27001 “List of mandatory documents required by ISO 27001 (2013 revision)” : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
    And the same for ISO 22301 “Mandatory documents required by ISO 22301” : https://advisera.com/27001academy/knowledgebase/mandatory-documents-required-by-iso-22301/
    This article also can be interesting for you "How to use ISO 22301 for the implementation of business continuity in ISO 27001" : https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/
    Finally, you can see our Premium toolkit about ISO 27001 and ISO 22301, which gives yo u all necessary documents for both systems. You can see a free version of all documents clicking on “Free Demo” tab here: https://advisera.com/27001academy/iso-27001-22301-premium-documentation-toolkit/
  • Weakness, event and incident


    Kindly enlighten me with what is the difference between IS weakness, event and incident? 
    In my opinion, weakness can be an event if it is exploited. And an event can be an incident if it endangers the CIA of organization's information asset.
     

    Answer:

    Ok, you are right. In accordance with ISO 27000:2012, a vulnerability "is a weakness of an asset or control that can be exploited by one or more threats”, and an event “is an occurrence or change of a particular set of circumstances” and “An event can sometimes be referred to as an ‘incident’ or ‘accident’ “. So, an incident can be an event.
  • Is an accreditation body a government body?

    1. Is an accredited body a government body?
    In accordance with SAC, the accreditation is (you can see this definition in the FAQ page https://www.sac-accreditation.gov.sg/resources/faq:
    Accreditation is the endorsement by an authoritative body (such as SAC) of an organisation's competence, credibility, independence and integrity in carrying out its conformity assessment activities, such as testing, calibration, inspection and certification.
    So, an accreditation body needs to be independent, so usually is a body related to the govern of each country.
    2. From my understanding, an accredited body is the body that certifies organisation. (This is my company’s goal, to become an accredited body). Thus, in order to become an accredited body, does my company needs to be certify the ISO/IEC 27001 requirements first?
    If you want to certifies companies, you need to be a certification body, and you need to be accredited by the accreditation body of your country (SAC). For more information to obtain the accreditation, you can also see the FAQ page of SAC, please read What is the general procedure for getting accreditation? : https://www.sac-accreditation.gov.sg/resources/faq. And in this case I think that it is not necessary that your company certify the ISO 27001, but you need to implement the ISO 17021 and ISO 27006.
  • Number of ISO 27001 certificates


    During the recent webinar, I asked a question about how many 27001 certifications there were globally and you said around 25,000.  Are you able to give me a little more - how many 27001:2013 and how many are UK based for each of 2005 and 2013 versions.
     

    Answer [reply by EAC]

    ISO (International Organization for Standardization) publishes every year a report with the number of certificates (of all ISOs) in the world. You can filter here by your country and the ISO 27001 (it is only available until year 2013): https://www.iso.org/the-iso-survey.html?certificate=ISO/IEC%2027001&countrycode=#standardpick
    Also you can download a PDF with all results. Regarding 27001:2005 vs ISO 27001:2013, the lasts results of ISO are related to ISO 27001:2005, so maybe you will need to wait this year to see the number of ISO 27001:2013 certificates published in the world.
  • Kit documentacion


    ¡Hola! El kit de documentación que ofrecen incluye la implementación de los controles de la Norma ISO-27001
     

    Respuesta:

    Claro, nuestro toolkit incluye todos los documentos necesarios para la implementación de la ISO 27001 en tu organización. Esto significa que el toolkit tiene todos los documentos obligatorios, incluyendo aquellos relacionados con el PDCA y también aquellos documentos relacionados con los controles de seguridad, además incluye algunos documentos no obligatorios. Si quieres ver la lista de documentos obligatorios de la ISO 27001 (y no obligatorios), por favor lee el siguiente artículo "Lista de documentos obligatorios exigidos por la norma ISO 27001 (revisión 2013)" : https://advisera.com/27001academy/es/blog/2015/05/04/lista-de-documentos-obligatorios-exigidos-por-la-norma-iso-27001-revision-2013/
    En cualquier caso, ten en cuenta que que son plantillas, y necesitas adaptarlas a tu negocio, pero para ello puedes contar con nuestro apoyo. Puedes ver una versión gratuita de todos los documentos clickeando en "Demo gratis" : https://advisera.com/27001academy/es/paquete-de-documentos-sobre-iso-27001/
Page 1065-vs-13485 of 1130 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +