Hi all, I work for a commercial company and the head of Info Sec is an ex-military man. The company wants to achieve certification in the standard. Most of the...
Hi JP, It's a common dilemma. The head of Info Sec must understand that there are no mandatory controls. However, there are baselines. I suggest that you...
Hi, I'm an ISO 27001:2005 certified LA and LI... Well, if you ask me, there is a need to conduct a Risk Assessment before, since it will throw out the gap between...
Hi, Having done eight implementations for clients, both are right and otherwise. My experience with Auditors has been that they are very cautious about the...
Hi, A week ago, I finished my eighth implementation, which was certified. So far, I have conducted more than a dozen implementation courses on behalf of BSI...
Hi JP, I think in corporate we are all working in a commercial concern. Anyway, if you look at the methodology of ISMS or ISO 27001, the methodology is -...
I'm in complete agreement with Dhananjay. It makes sense to understand the applicability of Control Objectives before, in order to ensure that Objectives are...
Hello all, Recently I've been told by BSI representative that asset inventory prepared according to 4.2.1 d) clause of 27001 SHOULD include security...
Maxim S. Emm
maxus@...
Oct 18, 2006 7:58 am
127
Hi Maxim, Good day. Even though your school of thought is worth thinking about... in reality it is not that way. I do understand that the Security controls,...
Hi Maxim, The interpretation of the Asset Inventory to include firewalls etc is to ensure that during the risk analysis, these assets will reduce the risk to ...
Hi, I think what has been recommended is correct but not the interpretation. Taking the example of a Firewall: If you do not include the firewall as an Information asset...
Dear Mayank, Are you the one who conducted the ISMS LA course last Dec in Kol? If you are the one, please send your mobile no. so that I can contact you. Regards, Rupam...
Hi, I am working as the 'General Manager' of a Software firm which started two and a half years back. We are a team of 34 employees with 26 technical people. We...
Hi, Since you are at CMM Level 3 (is it CMM or CMM(I)?), I would recommend you go for ISO 9001 first, which should be a piece of cake. Then you can go for ISO...
Hi, We are not CMM certified; we follow CMM standards since we know the process (at a personal level). I would like to know which is the best certification...
Hi Rajesh, I would suggest that you go for either IT Infrastructure Library (ITIL) and/or ISO 20000-1 IT Service Management System. It can enhance your service...
Hi Rajesh, I would go with Rain... First achieve ITIL certification and then move on to ISO 27001:2005 certification, since that would add considerable value to...
Hi Rajesh, As most of you know, for CMM an 'Assessment' is done on the processes; it's up to you whether you want to follow after the assessments. But in...
Hello Rajesh, I have read through the recommendations given out by other learned members in this group. Each of them has their own point and they require to...
Hi Rajesh, Adding to Govind's comments, ... I agree. In between doing ISO9001 and ISO27001, you can use ISM3 (www.ism3.com). ISM3 has 5 maturity levels, and ...
Hi, Is there any way or methodology by which I can synchronize Operational risk assessment and the Information Security Risk assessment, if we consider...
Arindam.Banerjee
Arindam.Banerjee@...
Oct 23, 2006 3:30 pm
140
Well put Govind. I would like to pose a question- why do you want ANY certification? Your organisation is at CMM level 3. If I were you, I'd prefer to go to ...
Hi Mayank, Well, Rajesh's query was about which certification his organization could opt for. Obviously, the whole thread of discussion converges on ...
... I'd like to see some specific examples of that...I read ISO27001 back to back and I haven't seen any reference to specific legislation. ... I don't think...
I think Rajesh has, by now, a good lot of ideas to mull over and take the right course that he deems fit. Well, people like Rajesh give practitioners a chance...
Hi, I had an opportunity to lead a very large effort in a US based multilateral Bank in implementing CMM, ITIL/ISO20000 and BS7799/ISO27001 simultaneously...
... Standard or Methodology Guidance can't be as specific as telling you exactly what to do, but as a bare minimum it should provide insight. It should help...
Hello Vincente, Innovators have the need to believe what they feel like very intensely. Constructive destruction is something that has become part of the...
Hi ... I haven't said anything like that, have I? I am always very specific, so please, quote me if you want but don't "put words in my mouth". ... If a...
Hi All, I have been asked to write up a project plan with a view to my company getting certification. Has anyone got any views on what should be included in it?...