The latest ISO 17799 Newsletter has just been released. It explains the final draft version of ISO 27001 in some depth, and has a very nice reference to this...
ISO has reserved the ISO/IEC 27000-series numbering for a range of information security management standards in similar fashion to the very successful ISO...
Just in from the wires (OK, from the ISO 17799 Newsletter really, but 'the wires' sounded better!): ISO 27001 has finally been published as an official ISO...
Hi All, Any idea about how many companies are so far certified with the new standard? Is there any change with respect to what auditors look for while auditing...
Dear Sameer, I don't have the data regarding ISO 27001 certificates. But I would surely ask the faculty during my LA course on ISO 27001 during 12-16 Dec in ...
Hi, Are you asking about BS7799 or ISO27001? As I heard there is no certificate based on the new version yet. And about the changes I can provide you some...
Hi Pendar, Thanks for your info. I think most of the companies are undergoing internal changes to accommodate the new standard/version. Pendar, if possible can you...
Ladies and gentlemen, I'm really surprised. I've been a member of this group now for several months and the number of messages is virtually nil. There are 125 ...
Hank: You may have answered your own question. Perhaps there is no real interest in ISO 27001 in the same way there appears to have been no real interest in ...
Yes..It's true..Maybe all are very busy with implementation and audit...Let us put back the ball rolling.. == henk_keijzer <hwkeijzer@...> wrote: Ladies...
Hallo Chandra, The advantage is that at least the whole of the company is aware of the hazards and has, hopefully, implemented the appropriate measures. The...
I agree with Henk. Well, I guess all the members would be conversant with BS7799-2. I've kept a few documents in the files section which will give some idea on...
Hi, I have an area in which I need your guidance. This is in respect of SCOPE of ISMS. This company has done risk assessment and selection of controls looking...
These things take time. ISO 9000 started the same way, as did ITIL, as did.... Apart from which, this is a small forum in a corner, which few people are aware...
Hi all, See my previous entry, which included this question and an answer. I hope that we can indeed keep the ball rolling and I hope that interest in ISO27001...
Let's dissect the requirement: Define how to measure the effectiveness of the selected controls or groups of controls and specify how these measurements are to...
Group, I realize that everyone loves to tout the ISO17799 but the biggest issue that I see for the US is that there are no regulatory mandates to comply....
Dear Sekar, Whenever you undertake implementation of any standard the scope has to be clearly defined at the outset. While it does find a mention in the...
It's always better to start with a small scope and expand later. But ensure that all relevant entities are included. In the previous standard (BS 7799), only...
There may be no mandates yet in the mainland US but American companies who outsourced their processes here in the Philippines are demanding to have a...
Information Security is a big issue. However there are roadblocks that I see why ISO 27001, or Information Security Management System, is not gaining the...
Besides having its origin in a different land than the US, as brought out below, the professional community in the USA seems to have been overtaken by current...
Hi Guys, Basically, I feel that the organizations have not understood the importance of INFORMATION SECURITY, in spite of the security breaches that is...
Dear Bala Raman, You are absolutely right. Since BS 7799 has gained the status of ISO 27001, I feel senses will dawn upon the managements the necessity of...
Hi, As per clause 4.2.1 c of ISO 27001, the organization has to define a risk assessment approach. As far as I know the most common models on RA are 1. PD3002...
Dear Bala, My understanding of assets is : In ISMS terms, assets include Information assets (e.g. paper or electronic form) & Information processing assets...
ISO 27001 doesn't mandate any particular methodology for RA. Organisation is free to select any one suitable to their environment. It's always better to select...
Hi Bala, Assets to be covered as part of Risk Management are Information assets - which store information and which process information. It would be best...
Hi members, Thanks for sharing your thoughts on the asset definition. My next question is clause 8.1 talks about continual Improvement, from an auditors...