iso-27001 · ISO 27001
#452 From: Sam Franklin <f_muthiah@...>
Date: Mon Nov 23, 2009 10:01 am
Subject: Re: Re: ISO 27001 - Implementation Training - Advise
f_muthiah
 
Thank you all for all the advice; I happened to have participated in a training offered by BSI. The training was OK; we are getting started on defining the scope of our implementation. Any information on JSP 440 certification would be appreciated, as our organization is interested to compliment itself once the ISMS is complete.
 
Thanks,
Muthiah
 

--- On Tue, 10/20/09, vinayak7 <vinayak.ram@...> wrote:

From: vinayak7 <vinayak.ram@...>
Subject: [iso-27001] Re: ISO 27001 - Implementation Training - Advise
To: iso-27001@yahoogroups.com
Date: Tuesday, October 20, 2009, 2:41 AM

 
Never been a big fan of these training courses. IMHO, they offer little value and are more often than not a big waste of time and resources.

The documentation in the standard is quite self-sufficient to understand what is required. Moreover, there is enough reference material available online to read up and understand from the experiences of others. 

-V

--- In iso-27001@yahoogroups.com, Vikas Dhanker <dhankervikas@...> wrote:
>
> Check the Course contents.. Means what they are going to teach in 5 days..
> and also the profile of the trainer and then you can talk to the trainer,
> in order to know whether he is a good communicator and a good teacher or just
> a knowledgeable person who can't communicate his/her knowledge properly
>
> On Sun, Oct 18, 2009 at 6:13 PM, Deejay N djisms@... wrote:
>
> >
> >
> > Hi Muthiah,
> >
> >
> >
> > Since the ISMS standard cannot change, the institute will not make much of
> > a difference. I am sure there are many people in this forum who have been
> > trained from different institutes.
> >
> >
> >
> > Having said that, I would advise you to check on the *trainer's profile* (overall experience in QMS, years of Info Sec exp, the number of
> > implementations / consultations / audits on ISMS, etc). What you learn will
> > directly depend on the trainer's experience. I personally believe that along
> > with the knowledge mandated by the standard, the hands-on implementation
> > tips the trainer can provide will be helpful.
> >
> >
> >
> > Also, check on the batch size, logistics, etc. Sometimes this can be
> > frustrating if it is not well organised as the program runs for multiple
> > days.
> >
> >
> >
> >
> >
> > Cheers,
> >
> > Dhananjaya Rao.N
> >
> >
> >
> >
> > ------------------------------
> > *From:* Sam Franklin f_muthiah@...
> > *To:* iso-27001@yahoogroups.com
> > *Sent:* Fri, October 16, 2009 6:13:34 PM
> > *Subject:* [iso-27001] ISO 27001 - Implementation Training - Advise
> >
> >
> >
> >
> > Hello Team,
> >
> > We are planning to enroll in ISO 27001 security professional
> > implementation training, which would be the best?
> >
> > STQC or BSI
> >
> > Advice would be very much appreciated.
> >
> > Thanks,
> > Muthiah
> >
> >
> > --- On *Wed, 10/14/09, Thukaram Mahadev <mahadev_geetha@yahoo.com>* wrote:



#451 From: "ryounan76276" <rwilliam@...>
Date: Thu Oct 29, 2009 8:30 am
Subject: Effect of Iso 27001 on IT industry
ryounan76276
 
- How far does ISO 27001 have an effect on the IT industry?

- Can you give me examples of this effect?

- Does ISO 27001 have an effect on IT regulations?

#450 From: Hrvoje Komestik <komestik@...>
Date: Wed Oct 21, 2009 11:00 am
Subject: Re: Re: ISO 27001 - Implementation Training - Advise
komestik
 
I'd choose the cheapest course, but would look into the other participants' curriculums.
The cooperation with the participants brought me the most value in the courses.
best of luck!..


From: vinayak7 <vinayak.ram@...>
To: iso-27001@yahoogroups.com
Sent: Tue, October 20, 2009 11:41:51 AM
Subject: [iso-27001] Re: ISO 27001 - Implementation Training - Advise

 

Never been a big fan of these training courses. IMHO, they offer little value and are more often than not a big waste of time and resources.


The documentation in the standard is quite self-sufficient to understand what is required. Moreover, there is enough reference material available online to read up and understand from the experiences of others. 

-V

--- In iso-27001@yahoogroups.com, Vikas Dhanker <dhankervikas@...> wrote:
>
> Check the Course contents.. Means what they are going to teach in 5 days..
> and also the profile of the trainer and then you can talk to the trainer,
> in order to know whether he is a good communicator and a good teacher or just
> a knowledgeable person who can't communicate his/her knowledge properly
>
> On Sun, Oct 18, 2009 at 6:13 PM, Deejay N djisms@... wrote:
>
> >
> >
> > Hi Muthiah,
> >
> >
> >
> > Since the ISMS standard cannot change, the institute will not make much of
> > a difference. I am sure there are many people in this forum who have been
> > trained from different institutes.
> >
> >
> >
> > Having said that, I would advise you to check on the *trainer's profile* (overall experience in QMS, years of Info Sec exp, the number of
> > implementations / consultations / audits on ISMS, etc). What you learn will
> > directly depend on the trainer's experience. I personally believe that along
> > with the knowledge mandated by the standard, the hands-on implementation
> > tips the trainer can provide will be helpful.
> >
> >
> >
> > Also, check on the batch size, logistics, etc. Sometimes this can be
> > frustrating if it is not well organised as the program runs for multiple
> > days.
> >
> >
> >
> >
> >
> > Cheers,
> >
> > Dhananjaya Rao.N
> >
> >
> >
> >
> > ------------------------------
> > *From:* Sam Franklin f_muthiah@...
> > *To:* iso-27001@yahoogroups.com
> > *Sent:* Fri, October 16, 2009 6:13:34 PM
> > *Subject:* [iso-27001] ISO 27001 - Implementation Training - Advise
> >
> >
> >
> >
> > Hello Team,
> >
> > We are planning to enroll in ISO 27001 security professional
> > implementation training, which would be the best?
> >
> > STQC or BSI
> >
> > Advice would be very much appreciated.
> >
> > Thanks,
> > Muthiah
> >
> >
> > --- On *Wed, 10/14/09, Thukaram Mahadev <mahadev_geetha@yahoo.com>* wrote:



#449 From: "vinayak7" <vinayak.ram@...>
Date: Tue Oct 20, 2009 9:41 am
Subject: Re: ISO 27001 - Implementation Training - Advise
vinayak7
 
Never been a big fan of these training courses. IMHO, they offer little value and are more often than not a big waste of time and resources.

The documentation in the standard is quite self-sufficient to understand what is required. Moreover, there is enough reference material available online to read up and understand from the experiences of others. 

-V

--- In iso-27001@yahoogroups.com, Vikas Dhanker <dhankervikas@...> wrote:
>
> Check the Course contents.. Means what they are going to teach in 5 days..
> and also the profile of the trainer and then you can talk to the trainer,
> in order to know whether he is a good communicator and a good teacher or just
> a knowledgeable person who can't communicate his/her knowledge properly
>
> On Sun, Oct 18, 2009 at 6:13 PM, Deejay N djisms@... wrote:
>
> >
> >
> > Hi Muthiah,
> >
> >
> >
> > Since the ISMS standard cannot change, the institute will not make much of
> > a difference. I am sure there are many people in this forum who have been
> > trained from different institutes.
> >
> >
> >
> > Having said that, I would advise you to check on the *trainer's profile* (overall experience in QMS, years of Info Sec exp, the number of
> > implementations / consultations / audits on ISMS, etc). What you learn will
> > directly depend on the trainer's experience. I personally believe that along
> > with the knowledge mandated by the standard, the hands-on implementation
> > tips the trainer can provide will be helpful.
> >
> >
> >
> > Also, check on the batch size, logistics, etc. Sometimes this can be
> > frustrating if it is not well organised as the program runs for multiple
> > days.
> >
> >
> >
> >
> >
> > Cheers,
> >
> > Dhananjaya Rao.N
> >
> >
> >
> >
> > ------------------------------
> > *From:* Sam Franklin f_muthiah@...
> > *To:* iso-27001@yahoogroups.com
> > *Sent:* Fri, October 16, 2009 6:13:34 PM
> > *Subject:* [iso-27001] ISO 27001 - Implementation Training - Advise
> >
> >
> >
> >
> > Hello Team,
> >
> > We are planning to enroll in ISO 27001 security professional
> > implementation training, which would be the best?
> >
> > STQC or BSI
> >
> > Advice would be very much appreciated.
> >
> > Thanks,
> > Muthiah
> >
> >
> > --- On *Wed, 10/14/09, Thukaram Mahadev <mahadev_geetha@yahoo.com>* wrote:


#448 From: sandeep walia <er_sandeep@...>
Date: Tue Oct 20, 2009 6:04 am
Subject: Re: Re: Scope is InfoSec department
er_sandeep
 
I agree with Dejan,

And my experience of working with a big organisation (having multiple locations & web presence) is that almost all controls as suggested in 27K are applicable.
 
Sandeep

--- On Sat, 17/10/09, dejan.kosutic <dkosutic@...> wrote:

From: dejan.kosutic <dkosutic@...>
Subject: [iso-27001] Re: Scope is InfoSec department
To: iso-27001@yahoogroups.com
Date: Saturday, 17 October, 2009, 3:42 PM

 
Hi,

You cannot take the approach one-fits-all - you have to perform a risk assessment (clauses 4.2.1 d & e of ISO 27001 standard), and then in the risk treatment (clauses 4.2.1 f & g) conclude which controls are applicable for decreasing your risks.

Best regards,

Dejan Kosutic
ISO 27001 Lead Auditor / ISMS consultant

--- In iso-27001@yahoogroups.com, Aun Motani <aunmotani@...> wrote:
>
> Dear members,
>
> I have been assigned a task to implement ISMS in a large size organisation and the scope is to make Information Security Division compliant with ISO27001 standard.
>
> In this connection can anyone advise me what type of controls should be implemented in infosec division?
>
> regards,
>




#447 From: Vikas Dhanker <dhankervikas@...>
Date: Tue Oct 20, 2009 3:21 am
Subject: Re: ISO 27001 - Implementation Training - Advise
dhankervikas
 
Check the Course contents.. Means what they are going to teach in 5 days.. and also the profile of the trainer and then you can talk to the trainer, in order to know whether he is a good communicator and a good teacher or just a knowledgeable person who can't communicate his/her knowledge properly

On Sun, Oct 18, 2009 at 6:13 PM, Deejay N <djisms@...> wrote:
 

Hi Muthiah,

 

Since the ISMS standard cannot change, the institute will not make much of a difference. I am sure there are many people in this forum who have been trained from different institutes.

 

Having said that, I would advise you to check on the trainer's profile (overall experience in QMS, years of Info Sec exp, the number of implementations / consultations / audits on ISMS, etc). What you learn will directly depend on the trainer's experience. I personally believe that along with the knowledge mandated by the standard, the hands-on implementation tips the trainer can provide will be helpful.

 

Also, check on the batch size, logistics, etc. Sometimes this can be frustrating if it is not well organised as the program runs for multiple days.

 

 

Cheers,

Dhananjaya Rao.N

 




From: Sam Franklin <f_muthiah@...> Sent: Fri, October 16, 2009 6:13:34 PM
Subject: [iso-27001] ISO 27001 - Implementation Training - Advise

 


Hello Team,
 
   We are planning to enroll in ISO 27001 security professional implementation training,  which would be the best? 
 
STQC or BSI
 
   Advice would be very much appreciated.
 
   Thanks,
   Muthiah


--- On Wed, 10/14/09, Thukaram Mahadev <mahadev_geetha@yahoo.com> wrote:

From: Thukaram Mahadev <mahadev_geetha@yahoo.com>
Subject: Re: [iso-27001] iso 27001 technology or not?
To: iso-27001@yahoogroups.com

Date: Wednesday, October 14, 2009, 11:09 PM

 
Dear Rania,

Well, below are MY opinion and view about your queries

Is ISO a technology or not ?
Not purely, ISO is a standard which describes what measures are to be taken on the domains it feels are to be addressed. It involves both Technology and quality initiatives like policies and procedures that are required to be implemented.
ISO27001 specifically has few controls which are mandatory to be addressed (either implement security control or accept the risk based on your business needs which is justifiable).

How can we make integration between Technology and Business through ISO 277001 ?
I feel the adaptation of ISO27001 itself is a good practice to integrate Technology and Business.

How can ISO 277001 affect on E signature?
Esignature implementation at an organization can help for compliance to some Identity and Access Management control required/specified by ISO27001 to a particular business process/unit.

Hope my above opinion and view of mine will be helpful to you.

Regards.
Mahadev



--- On Tue, 13/10/09, ryounan76276 <rwilliam@mcit.gov.eg> wrote:

From: ryounan76276 <rwilliam@mcit.gov.eg>
Subject: [iso-27001] iso 27001 technology or not?
To: iso-27001@yahoogroups.com
Date: Tuesday, 13 October, 2009, 2:44 PM

 
Dear sir,

I have some questions related to ISO 27001 , so plz, help me

- Is ISO a technology or not ?

- How can we make integration between Technology and Business through ISO 277001 ?

- How can ISO 277001 affect on E signature?

plz, waiting your reply urgently

Regards,

rania








--
Best Regards
Vikas Dhanker
+1 303 520 4395
http://www.linkedin.com/pub/4/aa5/ab2

#446 From: Siddi Rizwaan Damad <siddirizwaan@...>
Date: Sun Oct 18, 2009 12:46 pm
Subject: Re: Scope is InfoSec department
siddirizwaan
 
Dear Aun,
 
What is the basis for your organisation to select the Infosec Department for ISO27001 certification?
Certification should be done for the organisation or the department that supports the core business activity.
E.g.: a software development company or bank can go for IT department or datacenter certification.

There would be many controls that won't be applicable to Infosec, e.g. patch management, software development, network security control, as that is not their business process.
Just concentrate on what they do. One thing is possible: Infosec can have an OLA with IT for the systems and equipment they use, then more controls will come into the picture....
 
Regards,
RIZ
 

--- On Sat, 10/17/09, Aun Motani <aunmotani@...> wrote:

From: Aun Motani <aunmotani@...>
Subject: [iso-27001] Scope is InfoSec department
To: iso-27001@yahoogroups.com
Date: Saturday, October 17, 2009, 1:07 AM

 
Dear members,

I have been assigned a task to implement ISMS in a large size organisation and the scope is to make Information Security Division compliant with ISO27001 standard.

In this connection can anyone advise me what type of controls should be implemented in infosec division?

regards,



#445 From: Deejay N <djisms@...>
Date: Mon Oct 19, 2009 12:18 am
Subject: Re: Scope is InfoSec department
djisms
 

I agree to what others have said - Risk Assessment. Bingo! you have the controls. :)
 

 

From: Eric Regalado <er_regalado@...>
To: iso-27001@yahoogroups.com
Sent: Sun, October 18, 2009 1:29:12 AM
Subject: Re: [iso-27001] Scope is InfoSec department

 


My advice: do a risk assessment.


From: Aun Motani <aunmotani@yahoo.com>
To: iso-27001@yahoogroups.com
Sent: Sat, October 17, 2009 1:07:30 PM
Subject: [iso-27001] Scope is InfoSec department

 

Dear members,

I have been assigned a task to implement ISMS in a large size organisation and the scope is to make Information Security Division compliant with ISO27001 standard.

In this connection can anyone advise me what type of controls should be implemented in infosec division?

regards,




#444 From: Deejay N <djisms@...>
Date: Mon Oct 19, 2009 12:13 am
Subject: Re: ISO 27001 - Implementation Training - Advise
djisms
 
Hi Muthiah,

 

Since the ISMS standard cannot change, the institute will not make much of a difference. I am sure there are many people in this forum who have been trained from different institutes.

 

Having said that, I would advise you to check on the trainer's profile (overall experience in QMS, years of Info Sec exp, the number of implementations / consultations / audits on ISMS, etc). What you learn will directly depend on the trainer's experience. I personally believe that along with the knowledge mandated by the standard, the hands-on implementation tips the trainer can provide will be helpful.

 

Also, check on the batch size, logistics, etc. Sometimes this can be frustrating if it is not well organised as the program runs for multiple days.

 

 

Cheers,

Dhananjaya Rao.N

 




From: Sam Franklin <f_muthiah@...>
To: iso-27001@yahoogroups.com
Sent: Fri, October 16, 2009 6:13:34 PM
Subject: [iso-27001] ISO 27001 - Implementation Training - Advise

 


Hello Team,
 
   We are planning to enroll in ISO 27001 security professional implementation training,  which would be the best? 
 
STQC or BSI
 
   Advice would be very much appreciated.
 
   Thanks,
   Muthiah


--- On Wed, 10/14/09, Thukaram Mahadev <mahadev_geetha@yahoo.com> wrote:

From: Thukaram Mahadev <mahadev_geetha@yahoo.com>
Subject: Re: [iso-27001] iso 27001 technology or not?
To: iso-27001@yahoogroups.com
Date: Wednesday, October 14, 2009, 11:09 PM

 
Dear Rania,

Well, below are MY opinion and view about your queries

Is ISO a technology or not ?
Not purely, ISO is a standard which describes what measures are to be taken on the domains it feels are to be addressed. It involves both Technology and quality initiatives like policies and procedures that are required to be implemented.
ISO27001 specifically has few controls which are mandatory to be addressed (either implement security control or accept the risk based on your business needs which is justifiable).

How can we make integration between Technology and Business through ISO 277001 ?
I feel the adaptation of ISO27001 itself is a good practice to integrate Technology and Business.

How can ISO 277001 affect on E signature?
Esignature implementation at an organization can help for compliance to some Identity and Access Management control required/specified by ISO27001 to a particular business process/unit.

Hope my above opinion and view of mine will be helpful to you.

Regards.
Mahadev



--- On Tue, 13/10/09, ryounan76276 <rwilliam@mcit.gov.eg> wrote:

From: ryounan76276 <rwilliam@mcit.gov.eg>
Subject: [iso-27001] iso 27001 technology or not?
To: iso-27001@yahoogroups.com
Date: Tuesday, 13 October, 2009, 2:44 PM

 
Dear sir,

I have some questions related to ISO 27001 , so plz, help me

- Is ISO a technology or not ?

- How can we make integration between Technology and Business through ISO 277001 ?

- How can ISO 277001 affect on E signature?

plz, waiting your reply urgently

Regards,

rania






#443 From: Eric Regalado <er_regalado@...>
Date: Sat Oct 17, 2009 2:29 pm
Subject: Re: Scope is InfoSec department
er_regalado
 

My advice: do a risk assessment.


From: Aun Motani <aunmotani@...>
To: iso-27001@yahoogroups.com
Sent: Sat, October 17, 2009 1:07:30 PM
Subject: [iso-27001] Scope is InfoSec department

 

Dear members,

I have been assigned a task to implement ISMS in a large size organisation and the scope is to make Information Security Division compliant with ISO27001 standard.

In this connection can anyone advise me what type of controls should be implemented in infosec division?

regards,



#442 From: "dejan.kosutic" <dkosutic@...>
Date: Sat Oct 17, 2009 10:12 am
Subject: Re: Scope is InfoSec department
dejan.kosutic
 
Hi,

You cannot take the approach one-fits-all - you have to perform a risk
assessment (clauses 4.2.1 d & e of ISO 27001 standard), and then in the risk
treatment (clauses 4.2.1 f & g) conclude which controls are applicable for
decreasing your risks.

Best regards,

Dejan Kosutic
ISO 27001 Lead Auditor / ISMS consultant



--- In iso-27001@yahoogroups.com, Aun Motani <aunmotani@...> wrote:
>
> Dear members,
>
> I have been assigned a task to implement ISMS in a large size organisation and
> the scope is to make Information Security Division compliant with ISO27001
> standard.
>
> In this connection can anyone advise me what type of controls should be
> implemented in infosec division?
>
> regards,
>

#441 From: Aun Motani <aunmotani@...>
Date: Sat Oct 17, 2009 5:07 am
Subject: Scope is InfoSec department
aunmotani
 
Dear members,

I have been assigned a task to implement ISMS in a large size organisation and
the scope is to make Information Security Division compliant with ISO27001
standard.

In this connection can anyone advise me what type of controls should be
implemented in infosec division?

regards,

#440 From: Sam Franklin <f_muthiah@...>
Date: Fri Oct 16, 2009 7:13 am
Subject: ISO 27001 - Implementation Training - Advise
f_muthiah
 

Hello Team,
 
   We are planning to enroll in ISO 27001 security professional implementation training,  which would be the best? 
 
STQC or BSI
 
   Advice would be very much appreciated.
 
   Thanks,
   Muthiah


--- On Wed, 10/14/09, Thukaram Mahadev <mahadev_geetha@...> wrote:

From: Thukaram Mahadev <mahadev_geetha@...>
Subject: Re: [iso-27001] iso 27001 technology or not?
To: iso-27001@yahoogroups.com
Date: Wednesday, October 14, 2009, 11:09 PM

 
Dear Rania,

Well, below are MY opinion and view about your queries

Is ISO a technology or not ?
Not purely, ISO is a standard which describes what measures are to be taken on the domains it feels are to be addressed. It involves both Technology and quality initiatives like policies and procedures that are required to be implemented.
ISO27001 specifically has few controls which are mandatory to be addressed (either implement security control or accept the risk based on your business needs which is justifiable).

How can we make integration between Technology and Business through ISO 277001 ?
I feel the adaptation of ISO27001 itself is a good practice to integrate Technology and Business.

How can ISO 277001 affect on E signature?
Esignature implementation at an organization can help for compliance to some Identity and Access Management control required/specified by ISO27001 to a particular business process/unit.

Hope my above opinion and view of mine will be helpful to you.

Regards.
Mahadev



--- On Tue, 13/10/09, ryounan76276 <rwilliam@mcit.gov.eg> wrote:

From: ryounan76276 <rwilliam@mcit.gov.eg>
Subject: [iso-27001] iso 27001 technology or not?
To: iso-27001@yahoogroups.com
Date: Tuesday, 13 October, 2009, 2:44 PM

 
Dear sir,

I have some questions related to ISO 27001 , so plz, help me

- Is ISO a technology or not ?

- How can we make integration between Technology and Business through ISO 277001 ?

- How can ISO 277001 affect on E signature?

plz, waiting your reply urgently

Regards,

rania





#439 From: Denny Sugiri <denny_sugiri@...>
Date: Fri Oct 16, 2009 4:11 am
Subject: How to become IRCA ISO 27001 Auditor
denny_sugiri
 
Dear All..

I've passed the ISMS Auditor/Lead Auditor Training Course, Course No A172077,
certified by IRCA,
in Dec 2007; now I want to become an IRCA ISO 27001 Auditor before my course
certificate expires.

But I am still confused about how to become a certified IRCA ISO 27001 Auditor
without putting my company name as sponsor, because I will pay the IRCA
certificate admission fee from my own money.

Can anyone help me?

best regards,

Denny Sugiri

#438 From: "Daniel" <daniel@...>
Date: Thu Oct 15, 2009 4:02 pm
Subject: Re: iso 27001 technology or not?
dburwitzuk
 
Hi Rania,

Hope, I get this right:

>> Is ISO a technology or not ?
ISO is short for International Standards Organisation.
The standard ISO 27001 defines requirements for information security management
within a business organisation.
The aim is to allow the organisation to maintain the security of its information
assets and so to comply with laws, regulations and standards and with its own
needs.
This standard is certifiable.

>> How can we make integration between Technology and Business through ISO 277001 ?
Did you mean ISO 27001?
ISO27001 is implemented in an organisation such that the business objectives and
business rules are being met, where possible. To achieve this, processes and
vulnerabilities are assessed. They could be of manual or technological nature.
The controls of a risk such as malware could be technological or other.

>> How can ISO 277001 affect on E signature?
ISO27001 also specifies security requirements for how to use cryptography. So,
that is the link to E signature, I guess

Hope that helps
Regards
Daniel



--- In iso-27001@yahoogroups.com, "ryounan76276" <rwilliam@...> wrote:
>
> Dear sir,
>
>
>
> I have some questions related to ISO 27001 , so plz, help me
>
>
>
> - Is ISO a technology or not ?
>
> - How can we make integration between Technology and Business through ISO 277001 ?
>
> - How can ISO 277001 affect on E signature?
>
>
>
> plz, waiting your reply urgently
>
>
>
> Regards,
>
> rania
>

#437 From: Bhavesh Pandey <bhavesh.pandey@...>
Date: Wed Oct 14, 2009 10:27 am
Subject: Re: iso 27001 technology or not?
bhavesh.pandey
 
ISO 27001 is a global standard for Information Security Management System. You have to decide how it is beneficial for your organization. ISO 27001 provides only guidelines; the rest your management has to decide.
 
Regards,
Bhavesh

--- On Tue, 10/13/09, ryounan76276 <rwilliam@...> wrote:

From: ryounan76276 <rwilliam@...>
Subject: [iso-27001] iso 27001 technology or not?
To: iso-27001@yahoogroups.com
Date: Tuesday, October 13, 2009, 2:44 PM

 
Dear sir,

I have some questions related to ISO 27001 , so plz, help me

- Is ISO a technology or not ?

- How can we make integration between Technology and Business through ISO 277001 ?

- How can ISO 277001 affect on E signature?

plz, waiting your reply urgently

Regards,

rania



#436 From: Thukaram Mahadev <mahadev_geetha@...>
Date: Thu Oct 15, 2009 6:09 am
Subject: Re: iso 27001 technology or not?
mahadev_geetha
 
Dear Rania,

Well, below are MY opinion and view about your queries

Is ISO a technology or not ?
Not purely, ISO is a standard which describes what measures are to be taken on the domains it feels are to be addressed. It involves both Technology and quality initiatives like policies and procedures that are required to be implemented.
ISO27001 specifically has few controls which are mandatory to be addressed (either implement security control or accept the risk based on your business needs which is justifiable).

How can we make integration between Technology and Business through ISO 277001 ?
I feel the adaptation of ISO27001 itself is a good practice to integrate Technology and Business.

How can ISO 277001 affect on E signature?
Esignature implementation at an organization can help for compliance to some Identity and Access Management control required/specified by ISO27001 to a particular business process/unit.

Hope my above opinion and view of mine will be helpful to you.

Regards.
Mahadev



--- On Tue, 13/10/09, ryounan76276 <rwilliam@...> wrote:

From: ryounan76276 <rwilliam@...>
Subject: [iso-27001] iso 27001 technology or not?
To: iso-27001@yahoogroups.com
Date: Tuesday, 13 October, 2009, 2:44 PM

 

Dear sir,

I have some questions related to ISO 27001 , so plz, help me

- Is ISO a technology or not ?

- How can we make integration between Technology and Business through ISO 277001 ?

- How can ISO 277001 affect on E signature?

plz, waiting your reply urgently

Regards,

rania




#435 From: Vikas Dhanker <dhankervikas@...>
Date: Thu Oct 15, 2009 12:58 am
Subject: Re: iso 27001 technology or not?
dhankervikas
 
Hi Rania
ISO is not a technology, it is an association. ISO - International Organization for Standardization.
ISO 27001 is the management system standard used to implement information security. This uses Technology as a tool to implement the controls. We choose the business processes in which we have to implement these technologies, so we can say that management systems can integrate the technology and business.
 
Regards
Vikas Dhanker 

On Tue, Oct 13, 2009 at 3:14 AM, ryounan76276 <rwilliam@...> wrote:
 

Dear sir,

I have some questions related to ISO 27001 , so plz, help me

- Is ISO a technology or not ?

- How can we make integration between Technology and Business through ISO 277001 ?

- How can ISO 277001 affect on E signature?

plz, waiting your reply urgently

Regards,

rania




--
Best Regards
Vikas Dhanker
+1 303 520 4395
http://www.linkedin.com/pub/4/aa5/ab2

#434 From: Okunwa Aduragbemi <adura4u2nv@...>
Date: Wed Oct 14, 2009 2:17 pm
Subject: Implementing ISO-27001
adura4u2nv
 
Hi All,
 
I need clarification on the steps required to implement ISO27001 in my environment.

I have completed the SOA for ISO 27001 and need to get more facts on how the implementation phase of this standard can be achieved from the SOA.

Awaiting your response, all.
 
Thank you.


#433 From: Rob Kloots <rkloots2001@...>
Date: Wed Oct 14, 2009 12:16 pm
Subject: Re: iso 27001 technology or not?
rob_kloots
 
Hello Rania,
 
- Is ISO a technology or not ?
Thank you for your bull's-eye question.
ISO 270001 is not a technology. ISO 27000x has to do with Mindset.
It relates both to Technology and Business.
It also relates to Regulations, be it from Country or Industry.
 
- How can we make integration between Technology and Business through ISO 277001 ?
By embedding the Mindset in the Organisation and the management practice.
By adapting aforementioned Regulations using a subset of ISO 270001, thus creating your company's standard.
The adoption of additional internal controls will follow suit.
 
- How can ISO 270001 affect on E signature?
Now that we have your-Company-standard,
your-Company-Guideline may prescribe certain services and functions
(to be provided by Technology and Organisation) enabling compliance to specific items of
your-Company-standard.
 
My 2cts
 
with kind regards/met vriendelijke groet,


Rob Kloots
Director
CSF b.v.
gsm +31 65.329.1515



From: ryounan76276 <rwilliam@...>
To: iso-27001@yahoogroups.com
Sent: Tue, October 13, 2009 11:14:06 AM
Subject: [iso-27001] iso 27001 technology or not?

 

Dear sir,

I have some questions related to ISO 27001 , so plz, help me

- Is ISO a technology or not ?

- How can we make integration between Technology and Business through ISO 277001 ?

- How can ISO 277001 affect on E signature?

plz, waiting your reply urgently

Regards,

rania



#432 From: m naseem <naseem_sab@...>
Date: Wed Oct 14, 2009 9:30 am
Subject: Re: iso 27001 technology or not?
naseem_sab
 
Dear Rania,
Q1:
Ans: ISO 27001 is not a technology; it is an ISO standard.
Q2:
Ans:
It is simple to integrate your business with ISO 27001. First of all, read the standard ISO 1799 implementation. I hope that you can understand all of it.
I am an IT professional and this is my personal experience. I have a lot of IT policies and procedures, so I studied both standards and set our requirements in those standards, and so I got the solution for how to integrate this standard with ISO 27001.
From a business point of view you have the following documents:
  1. Policies & Procedures
  2. Risk Assessment and Treatment
  3. Roles and Responsibilities
  4. Business Continuity Planning
  5. Disaster Recovery Planning
  6. Compliance with (Policies and Procedures)
If you have done the above, you can easily integrate your business with ISO 27001.
 
I hope that you have understood my guideline.
 
Regards
 
 


--- On Tue, 10/13/09, ryounan76276 <rwilliam@...> wrote:

From: ryounan76276 <rwilliam@...>
Subject: [iso-27001] iso 27001 technology or not?
To: iso-27001@yahoogroups.com
Date: Tuesday, October 13, 2009, 2:14 PM

 
Dear sir,

I have some questions related to ISO 27001 , so plz, help me

- Is ISO a technology or not?

- How can we make integration between Technology and Business through ISO 27001?

- How can ISO 27001 affect E-signature?

plz, waiting your reply urgently

Regards,

rania



#431 From: "dejan.kosutic" <dkosutic@...>
Date: Wed Oct 14, 2009 8:23 am
Subject: Re: iso 27001 technology or not?
dejan.kosutic
 
Hi Rania,

ISO stands for International Standardization Organization, which is the body
that publishes the standards. ISO 27001 itself is a standard, not the
technology.

This standard is somewhere between management and technology. It defines
how the management can control information security and the related technology
- the standard provides the methodology to assess risks, choose the controls
(part of them will be ICT controls) to decrease those risks, set the objectives
for those controls, and supervise the implementation.

If the risk assessment concludes that there are risks related to integrity of
information sent by e-mail, digital signature might be one of the controls that
would have to be implemented.

Best regards,

Dejan Kosutic
ISO 27001 Lead Auditor / ISMS consultant


--- In iso-27001@yahoogroups.com, "ryounan76276" <rwilliam@...> wrote:
>
> Dear sir,
>
>
>
> I have some questions related to ISO 27001 , so plz, help me
>
>
>
> - Is ISO a technology or not?
>
> - How can we make integration between Technology and Business through ISO 27001?
>
> - How can ISO 27001 affect E-signature?
>
>
>
> plz, waiting your reply urgently
>
>
>
> Regards,
>
> rania
>

#430 From: "ryounan76276" <rwilliam@...>
Date: Tue Oct 13, 2009 9:14 am
Subject: iso 27001 technology or not?
ryounan76276
 
Dear sir,



I have some questions related to ISO 27001 , so plz, help me



- Is ISO a technology or not?

- How can we make integration between Technology and Business through ISO 27001?

- How can ISO 27001 affect E-signature?



plz, waiting your reply urgently



Regards,

rania

#429 From: Deejay N <djisms@...>
Date: Tue Aug 11, 2009 3:02 am
Subject: Re: Asset Owners & Scope of Work
djisms
 
You can draw a line and limit the certification scope to the physical boundary and not include the client assets that you are made custodians of. But, you will have to clearly mention this in your scope.
 
Double check your contractual obligations. This can become a potential show-stopper. A generic warning - the clients will normally assume that you are covering their assets as well in such cases.  :)
 
 
Cheers
Dhananjay


From: sandeep walia <er_sandeep@...>
To: iso-27001@yahoogroups.com
Sent: Monday, August 10, 2009 8:58:58 PM
Subject: Re: [iso-27001] Asset Owners & Scope of Work

 

You mention the data hosting services as the scope of your ISO
 
In such cases all the servers hosted are out of scope of ISO 27K; however, those servers & devices which are essential to give those services come under scope of 27K.

--- On Sat, 8/8/09, Jatin Sehgal <ncnsa7@yahoo. com> wrote:

From: Jatin Sehgal <ncnsa7@yahoo. com>
Subject: [iso-27001] Asset Owners & Scope of Work
To: iso-27001@yahoogroups.com
Date: Saturday, 8 August, 2009, 6:28 PM

 
Dear All,
 
We are into data centre services, most of our hosted servers/other assets are owned by the people (clients) who sit out of their offices and not in our premises making us just the custodians of their assets.
 
In this case, should this be mentioned in the scope & boundaries of the ISMS?? How does it impact my ISMS? I have a doubt as in my asset inventory, owners are not part of the organisation which seeks certification.
 
Any detailed explanation would be much appreciated.
 
Regards
 






#428 From: "marioruicosta" <ccmario@...>
Date: Mon Aug 10, 2009 9:10 am
Subject: Re: Asset Owners & Scope of Work
marioruicosta
 
Hello Jatin Sehgal,

About scope, yes you must include them.
About considering hosted servers as assets, my opinion is you may include them in
your assets, but as a different kind.

Regards,
Mário
--- In iso-27001@yahoogroups.com, Jatin Sehgal <ncnsa7@...> wrote:
>
> Dear All,
>  
> We are into data centre services, most of our hosted servers/other assets are owned by the people (clients) who sit out of their offices and not in our premises making us just the custodians of their assets.
>
> In this case, should this be mentioned in the scope & boundaries of the ISMS?? How does it impact my ISMS? I have a doubt as in my asset inventory, owners are not part of the organisation which seeks certification.
>  
> Any detailed explanation would be much appreciated.
>  
> Regards
>  
>

#427 From: sandeep walia <er_sandeep@...>
Date: Mon Aug 10, 2009 10:58 am
Subject: Re: Asset Owners & Scope of Work
er_sandeep
 
You mention the data hosting services as the scope of your ISO
 
In such cases all the servers hosted are out of scope of ISO 27K; however, those servers & devices which are essential to give those services come under scope of 27K.

--- On Sat, 8/8/09, Jatin Sehgal <ncnsa7@...> wrote:

From: Jatin Sehgal <ncnsa7@...>
Subject: [iso-27001] Asset Owners & Scope of Work
To: iso-27001@yahoogroups.com
Date: Saturday, 8 August, 2009, 6:28 PM

 
Dear All,
 
We are into data centre services, most of our hosted servers/other assets are owned by the people (clients) who sit out of their offices and not in our premises making us just the custodians of their assets.
 
In this case, should this be mentioned in the scope & boundaries of the ISMS?? How does it impact my ISMS? I have a doubt as in my asset inventory, owners are not part of the organisation which seeks certification.
 
Any detailed explanation would be much appreciated.
 
Regards
 




#426 From: Jatin Sehgal <ncnsa7@...>
Date: Sat Aug 8, 2009 12:58 pm
Subject: Asset Owners & Scope of Work
ncnsa7
 
Dear All,
 
We are into data centre services, most of our hosted servers/other assets are owned by the people (clients) who sit out of their offices and not in our premises making us just the custodians of their assets.
 
In this case, should this be mentioned in the scope & boundaries of the ISMS?? How does it impact my ISMS? I have a doubt as in my asset inventory, owners are not part of the organisation which seeks certification.
 
Any detailed explanation would be much appreciated.
 
Regards
 


#425 From: Dharmendra <dbavale@...>
Date: Wed Jul 29, 2009 12:32 pm
Subject: Re: Compliance of ISO 27001
dharmu_r
 
Dear Sunil,

There is nothing called 100% compliance. Some level of
improvement will always be required after every audit. (Experienced auditors
will always recommend some improvements.)


You can do compliance checking based on the regular audits and
periodic checking of the processes and procedures followed by the
users.

Let me know if you need further details on this.

I can share some checklist for the same if you are interested. (offline)

Regards,
Dharmendra T.

On 27/07/2009, Suneel Panjwani <suneelnp@...> wrote:
> Dear ISO-27001 Members,
>
> Can anyone provide/share the Ideas/Tips on compliance checking, how one
> can ensure 100% compliance of ISO 27001 in an organization.
>
> Your prompt response will be highly appreciated.
>
> Sincerely,
>
> Suneel K.Panjwani | MS Computer Science, MCS, ISO 27001 LI, CISA
> Assistant Manager Enterprise Security | Central Depository Company of
> Pakistan Limited
> Mobile: 92-334-2269345 Landline (Res): 92-21-5211567
>
>
>


--
Regards,
Dharmendra T.

#424 From: Suneel Panjwani <suneelnp@...>
Date: Tue Jul 28, 2009 6:13 am
Subject: Compliance of ISO 27001
suneelnp
 
Dear ISO-27001 Members,
 
Can anyone provide/share the Ideas/Tips on compliance checking, how one can ensure 100% compliance of ISO 27001 in an organization.
 
Your prompt response will be highly appreciated.

Sincerely,
 
Suneel K.Panjwani | MS Computer Science, MCS, ISO 27001 LI, CISA
Assistant Manager Enterprise Security | Central Depository Company of Pakistan Limited
Mobile: 92-334-2269345 Landline (Res): 92-21-5211567


#423 From: Eric Regalado <er_regalado@...>
Date: Thu Jul 23, 2009 2:18 pm
Subject: Re: Implementation of Statement of Applicability
er_regalado
 

Your previous email said "ideal way" and the email before that says "the only way".  Which is which?

An organization can implement ISO 27001 controls even BEFORE risk assessment.  You don't need a risk assessment to have walls and doors (which are security controls) installed.

Cheers!
Eric



From: Dharmendra <dbavale@...>
To: iso-27001@yahoogroups.com
Sent: Wednesday, July 22, 2009 4:41:46 PM
Subject: Re: [iso-27001] Implementation of Statement of Applicability

 

I believe that doing the SOA before the Risk Assessment is not the right way of doing it, as you will not know which controls you are going to implement and which not. So the ideal way of preparing the SOA is after the risk assessment phase.


Controls can be implemented based on Risk Assessment. This is as per ISO 27001, as I said. You will implement the controls only after your risk assessment, that is, once you have your risk treatment plan ready.

Regards,
Dharmendra T.

2009/7/22 Eric Regalado <er_regalado@ yahoo.com>
 

> You can draft SOA only after finishing your Risk Assessment phase. After your risk assessment you will clearly know what controls are applicable for you and what not. If there are controls which are not applicable, then you have to mention in the SOA stating the same. Like for ex. teleworking is not applicable, reason being organization is not allowing any users to connect to company's network.

Not entirely true.  The Standard requires that SOA contain details of existing security controls.  You can do this BEFORE the conduct of risk assessment.

> Controls are implemented based on your risk assessment.

Incomplete.  Controls are implemented based on (1) contractual requirements (2) legal and statutory requirements (3) your own organization's requirements (4) results of risk assessment.

A company may have an anti-virus software or a back-up process even before thinking about implementing ISO 27001.


Eric



From: Dharmendra <dbavale@gmail. com>
To: iso-27001@yahoogroups.com
Sent: Tuesday, July 21, 2009 4:09:55 PM
Subject: Re: [iso-27001] Implementation of Statement of Applicability

 

Dear Okunwa,


You can draft SOA only after finishing your Risk Assessment phase. After your risk assessment you will clearly know what controls are applicable for you and what not. If there are controls which are not applicable, then you have to mention in the SOA stating the same. Like for ex. teleworking is not applicable, reason being organization is not allowing any users to connect to company's network.

All clauses are mandatory and must be implemented. Controls are implemented based on your risk assessment.

Regards,
Dharmendra T.

2009/7/20 Okunwa Aduragbemi <adura4u2nv@yahoo. com>
 

Dear All,
 
I need clarification on how to go about the implementation of the Statement of Applicability.
 
How do I know the yardstick for determining the reason for selecting any control as regards Legal Requirement, Business Requirement/Best Practice or Results of Risk Assessment?
 
Is it compulsory that all controls must be on ground? If not, what justification do I need to give for the exempted controls?
 
 




--
Regards,
Dharmendra T.




--
Regards,
Dharmendra T.

