Search results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Who should write mandatory documents in organization?

    Nice 

  • Retention for SIEM

    The identification of such times will depend on the results of risk assessment and applicable legal requirements (i.e., laws, regulations, and contracts), considering each country you want to cover.

    As a tip, you could define an initial time retention period (e.g., 1 year) and see if this would fit your business and legal needs, and adjust it in a case by case basis.

    For further information, see:

    • Logging according to ISO 27001 A.8.15 https://advisera.com/27001academy/logging-according-to-iso-27001/
    • Risk treatment https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment

    • Data leakage prevention

      Unfortunately, such a template is not available. ISO 27001 does not require a specific document for data loss prevention, and it is not a commonly used document.

      For the development of such a document, we suggest you consider the following topics:

      • definition of responsibilities for data leakage prevention
      • definition of steps for data leakage prevention
      • definition of which type of information requires the application of data leakage prevention measures
      • definition of technologies to be implemented for data leakage prevention
      • definition of acceptable behavior for users regarding Internet use

      Considering this suggestion, you can use the highlighted sections mentioned in the documents in the first answer to start your document.

    • Internal auditor selection

      It means that you can hire an external auditor. But also, it means that no matter that you are a small company, you can audit each other. So, you do not need to have one internal auditor, but all of you can audit each other's work. 

    • MDR classification

      For the classification rules and help with the classification please see the following guidance:

Page 23-vs-13485 of 1130 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +