The goal for me is to implement ISO 27001 in our data IP network with a firewall. The question is: what do I have to do?
Answer:
You can see the implementation as a project, so the first thing that you need is a project plan. You can find a free template for the project plan in our free download section: Project plan for ISO 27001 / ISO 22301 implementation: https://advisera.com/27001academy/free-downloads/
Furthermore, this article about the steps that are common in the implementation of ISO 27001 can also be interesting for you: ISO 27001 implementation checklist: https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Finally, this article about firewalls can be interesting for you: "How to use firewalls in ISO 27001 and ISO 27002 implementation": https://advisera.com/27001academy/blog/2015/05/25/how-to-use-firewalls-in-iso-27001-and-iso-27002-implementation/
We have received this question:
I am in the process of identifying assets for our organization. I ended up identifying several key IT services which enable various business processes. For example:
IT Service: EMAIL
Information Assets: Supports Communication and storage of Customer Information
Application: MS Exchange
OS: Windows Server 2008 r2
Hardware: HP DL380
Facility: DataCenter
In my risk assessment where do I reference the IT Service and Information Assets line, or are they just ignored? Should I reference them in any other documents? I thought this was a helpful way to group as it shows relationships.
Answer:
From my point of view, you should not ignore the IT service, you can identify it as an asset of type service, and assign to it threats/vulnerabilities (in accordance with your methodology). You can reference this type of asset in the same document that you already have, I mean, in your asset inventory.
Finally, do you need information about threats and vulnerabilities that can affect your assets? This article can be interesting for you: Catalogue of threats & vulnerabilities: https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
These articles can also be interesting for you:
"How to handle Asset register (Asset inventory) according to ISO 27001" : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
"ISO 27001 risk assessment: How to match assets, threats and vulnerabilities" : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
Jan 13, 2016