Implementing ISMS for systems with different cyber security risks
Answer:
I'm not sure if I understood your question correctly, but if you are asking how to cover the cyber security risks with an ISO 27001 implementation for two different systems within the company, the answer is the following: one of the first steps in ISO 27001 implementation is to perform the risk assessment. Once you know which risks you have in those two systems, you'll choose appropriate security controls that fit either the first or the second system, or both. You'll have to list all of those controls in the Statement of Applicability, and make sure you define which system each particular control is intended for.
In other words, ISO 27001 does not prescribe upfront certain safeguards for certain systems; you have to find out the controls yourself through the analysis called risk assessment. You'll find more information here: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
This article will also help you: ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
Apr 27, 2016