ISMS Controls

brianhopla Created: Nov 27, 2017 Last commented: Nov 28, 2017


Considering that the control sets in ISO27002 are essentially open-source, unless there is any organisation-specific control measure mentioned in the Annex A that might be particularly sensitive, would the SofA generally be considered a sensitive document in itself?

Expert
Rhand Leal Nov 28, 2017

Regardless of the control measures applied (open source, proprietary, etc.), the SoA should always be considered a sensitive document, because it contains information about the organization's security strategies and measures, and this information in the wrong hands can help find or explore vulnerabilities.

This article will provide you with further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

These materials will also help you regarding the Statement of Applicability:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
