Expert Advice Community

Guest

ISMS Controls

  Quote
Guest
brianhopla Created:   Nov 27, 2017 Last commented:   Nov 28, 2017

ISMS Controls

Considering that the control sets in ISO27002 are essentially open-source, unless there is any organisation specific control measure mentioned in the Annex A that might be particularly sensitive, would the SofA generally be considered a sensitive document in itself?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 28, 2017
Regardless of the control measures applied (open source, proprietary, etc.), the SoA should be always considered a sensitive document, because it contains information about the organization's security strategies and measures, and this information in wrong hands can help find or explore vulnerabilities.

This article will provide you further explanation about the Statement of Applicability:
-The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

These materials will also help you regarding the Statement of Applicability:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 27, 2017

Nov 28, 2017