Convincing top management about the ISMS implementation
No matter if the ISMS is mandatory by law, you still have to convince top management about the business benefits of such an implementation. This article will help you: Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
2. How do we define which are our organization's actives and their owners during risk assessment when this organization provides technical support (all of the other organizations' servers are with us, and also IT stuff, netflow etc.) to a ministry and other organizations as well? I'm asking this question because I'm the infosec manager of the organization which supports other organizations technically, and the other organizations have their own infosec managers as well, so how do we define which are our actives in certain processes when we are technically supporting other organizations' processes?
Answer:
If you are managing assets from other organizations, then these other organizations need to define their asset owners and risk owners. You can define asset owners and risk owners only for your own assets.
This article may help you: How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Jan 12, 2016