
Expert Advice Community

Toolkit content

Guest user. Created: Mar 11, 2021. Last commented: Mar 11, 2021.

In the meantime, I will give you some context on what we are looking for so that you can answer a few questions for us in advance through this channel. In our organization we carried out a cybersecurity assessment based on the NIST CSF, which, among other things, revealed the need to structure security governance by drafting and formalizing various documents (policies, procedures, standards, etc.), most of which match the documents you offer through the "ISO 27001+22301 Premium Package".

However, we noticed that there is a group of documents we need to develop that are not included in your packs. What we would like to know is whether they may be named differently, or are perhaps contained as part of other documents:

• Threat management policy and/or process
• Monitoring policy and/or strategy
• Vulnerability management policy and/or process
• Data management policy (at rest, in transit, and held by third parties)
• Obsolescence and patch management policy
• Capacity management policy
• Policy for the adoption of new technologies
• Policies and/or standards for managing security baselines (servers, operating systems, databases, telecom equipment, etc.)
• Audit log policy
• Corporate communication plan for cyber incidents
• Risk Impact Analysis (RIA)
• Crisis Plan

Expert: Rhand Leal, Mar 11, 2021

The following documents may cover the documents you mentioned (you should consider looking at their free demos to evaluate whether they can fulfill your needs):
- Threat management policy and/or process: Incident Management Procedure https://advisera.com/27001academy/documentation/incident-management-procedure/
- Policy and/or monitoring strategy: Security Procedures for IT Department https://advisera.com/27001academy/documentation/security-procedures-for-it-department/
- Data management policy (rest, in transit and in third parties): Information Classification Policy https://advisera.com/27001academy/documentation/information-classification-policy/
- Risk Impact Analysis (RIA): Risk Assessment and Risk Treatment Methodology https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/
- Crisis Plan: Business Continuity Plan https://advisera.com/27001academy/documentation/business-continuity-plan/

The remaining documents are not included in the toolkit because they are not commonly used in an ISO 27001 implementation, but if you need to document them and find it difficult to write them yourself, buying the toolkit gives you access to support channels that you can use to clarify your doubts on how to write them.
