Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Risk assessment
Answer:
For methods to gather security risks I suggest you to look for ISO 31010, the ISO standard for Risk assessment techniques.
These articles will provide you further explanation about risk assessment and ISO 31010:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- Diagram of ISO 27001:2013 Risk Assessment and Treatment process https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/ -
Filling template Key Contacts for Business Continuity
Answer:
ISO 22301 only requires that contact information is available, so organizations can define which one they can include in the Key Contacts for Business Continuity. But you have to note that with less alternatives to contact personnel, more difficult may be to reach them in case of need.
This article will provide you further explanation about communication:
- Enabling communication during disruptive incidents according to ISO 22301 https://advisera.com/27001academy/blog/2016/12/19/enabling-communication-during-disruptive-incidents-according-to-iso-22301/ -
Risk assessment template
Answer:
You can fill in the Risk assessment table in cycles, including only the few risks each time and analyzing them. If you identify that you still need more risks you can perform any cycles you want. This way you ensure to include the most important and relevant risks with less effort.
By the way, included in the toolkit you bought, you have access to a video tutorial that can help you fill in the risk assessment table. This video uses real data to make the understanding easier. -
Performance objectives and strategic objectives
Answer:
For me strategic objectives are performance objectives, but not all performance objectives are strategic. An organization can translate its strategic orientation into a set of objectives and targets, aligned with the quality policy. When we measure the organization’s performance against those strategic objectives, we are measuring the strategic performance. Besides strategic objectives an organization can have other objectives, for example can have process objectives that are not strategic. When we measure the organization’s performance against those process objectives, we are measuring performance or operational performance.
The following material will provide you information about implementing an ISO 9001 management system:
- ISO 9001 – How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
- How to define Key Performance Indicators for a QMS based on ISO 9001 - https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
- free online webinar recorded Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Filling template
Answer:
Included with the toolkit you bought you have an access to a video tutorial that can help you fill in the Risk Assessment table. This video tutorial uses the real data to facilitate the process understanding.
In the second sheet of this template you will find a list of suggested assets, and also list of threats and vulnerabilities. -
Sharing resources
Answer:
If you can provide evidence that sharing the network cabinet will not affect your information security risks (e.g., through a risk assessment), or that there are implemented controls to maintain the risks in acceptable levels, then you will have no complications with your ISO 27001 implementation.
These articles will provide you further explanation about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- How to manage network security according to ISO 27001 A.13.1 https://advisera.com/27001academy/blog/2016/06/27/how-to-manage-network-security-according-to-iso-27001-a-13-1/
- How to manage the security of network services according to ISO 27001 A.13.1.2 https://advisera.com/27001academy/blog/2017/02/13/how-to-manage-the-security-of-network-services-according-to-iso-27001-a-13-1-2/
- Requirements to implement network segregation according to ISO 27001 control A.13.1.3 https://advisera.com/27001academy/blog/2015/11/02/requirements-to-implement-network-segregation-according-to-iso-27001-control-a-13-1-3/ -
Information labeling
Answer:
phpMyAdmin is an administration tool for MySQL databases, so as an application which shows information, you should consider including a label on the user interface (e.g., at the upper left corner of the screen) identifying the most sensitive information the application has access to.
This article will provide you further explanation about information labeling:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/ -
Audit procedure
Answer:
Regarding information about the audit process, I suggest these materials:
- Internal auditor courses https://advisera.com/training/?level=intermediate&topic=audit
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
To see how an audit procedure looks like, I suggest you to take a look at the free demo of our ISO 27001/ISO 22301 Internal Audit Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/
This toolkit can help you to perform an internal audit of information security and/or business continuity according to the requirements set in ISO 27001 and ISO 22301. -
Backups
Respuesta: Para gestionar las copias de seguridad, comunmente las compañías definen una política de backup, estableciendo la frecuencia de los backups (por ejemplo, diariamente, o semanalmente, o mensualmente), y la información que necesitan guardar en los backups (información de clientes, proveedores, desarrollo software, etc). También es muy importante planificar restauraciones de la información, para comprobar que las copias están bien, y se debería tener una copia de los backups en una ubicación distinta de la oficina principal. Finalmente, en caso de que tengas que transportar las copias de un lugar a otro, también deberías contemplar la posibilidad de cifrar la información. Todas estas cuestiones básicamente son recomendaciones establecidas en el estándar ISO 27002 (código de buenas prácticas), en el control A.12.3.1
Quizás est e artículo te puede interesar “Backup policy - How to determine backup frequency" : https://advisera.com/27001academy/blog/2013/05/07/backup-policy-how-to-determine-backup-frequency/
Y esta plantilla también te puede resultar interesante “Backup Policy” : https://advisera.com/27001academy/documentation/backup-policy/ -
IT strategy
Answer:
Considering your demands, I suggest you to take a look at the free demo of this Strategy Plan at this link: https://advisera.com/20000academy/documentation/strategy-plan
This document can help you record the strategic assessment, strategy generation and execution.
These articles will provide you further explanation about IT strategy:
- ITIL Strategy Plan – Are you sure you have this document? https://advisera.com/20000academy/blog/2015/05/26/itil-strategy-plan-are-you-sure-you-have-this-document/
- Strategy Management for IT Services – holding your steering wheel https://advisera.com/20000academy/blog/2013/10/22/strategy-management-services-holding-steering-wheel/