Hi Scott, What is the normal process for a standard to become ISO, apart from those you have already explained, also what is the criteria and how this has to...
Hi. I am new to the group. Often I have tried to obtain employment in the field of IT security. I have a lot of practical technical experience in the field. ...
The newsletter just arrived. See below. Laura ______________________________________________________ THE ISO 27001 and ISO 17799 NEWSLETTER - EDITION 15 ...
I was just working through the ISO 27001 document again and, thanks to a customer question, I have one. Has anyone else noticed that in section 4.2.1 item g it...
Dear Fred, The item you are referring to is 4.2.3 (g) of the ISO 27001 document, if I am correct. If you look at the next item 4.2.4, it brings out the spirit...
Vijendera, All of which makes my point. There is nothing defined as a "Security Plan" - the term is generic, not specific. It is a poor choice of wording...
Hi, I have a doubt. Assuming that we have a device (say an Oscilloscope) which is used for initial testing of a product. This device does not contain any...
Hi, Yet another doubt. How do we identify a scope of implementation? I am not able to word it out. Can I get some samples? Thanks Regards Jagdish ... Once...
Hello Mr. Rao During Asset Modelling we take all the HW, SW and Information Assets (Critical and Non-Critical) into account. So with this theory Oscilloscope is...
Hello Jagdish, From what I understand, ISO 27001 requires us to identify assets that fall within the scope of the ISMS. (Refer to: ISO/IEC 27001:2005, in ...
Hi, To add to this, I feel you can consider Oscilloscope as an asset. If you have made an inventory of assets and classified them, you can consider this under...
Hi! I look at it this way: Assets to be considered in classification are 1. Information assets (which hold/stage information) 2. Information processing...
Hi, I had been reading the following discussion, I kind of agree with Manish. We are currently implementing ISMS. We are done with the risk assessment. Now are...
Hi Abhishek, I agree with you that RA & BIA are confusing. Excerpts from a book : "Risk Analysis involves identifying the most probable threats to an...
Dear Manish, Thank you very much for your thoughts on this. This helps a lot. As per the Excerpts from the book, my critical business function at the ...
Hi all, I agree to what has been discussed below. In case of oscilloscope, confidentiality could be rated N.A. while integrity and availability could be kept HIGH....
Hi, My 2 cents on this topic.... In a typical BIA - you are going to specifically capture information related to 2 main important areas - Recovery Time...
Hello, Has anyone reviewed/ audited/ carried out a Risk Assessment or Business Impact Analysis for a Central Bank environment? If so, please share any...
I am researching on how various risk assessment tools compare to each other. Has any of you used one or more of the following, and how do you compare them in...
Two major tools to add to your list: COBRA CRAMM The former is far easier to use than the latter, but both do have significant international user bases....
Dear All, Can you please explain what is acceptance criteria as mentioned in the below lines: "Organisation will ensure that acceptance procedures are carried...
You might want to look at ISO 27001 (was 17799:2005) to get an idea of the acceptance criteria likely to be expected. FC ... - This communication is...
Dear Rufina, ... I can think of the following criteria: - The scope (what's in, what's out) - Is the organization modelled as a bunch of assets, or is another...
Great work is in progress. We would be waiting for your research papers once they are published. Hope it would help the Risk Assessment Market. You can also...
Maybe this is methodology? Octave, NIST 800 series (I forgot about the number) _____ From: rufina_achieng [mailto:rufina_achieng@...] Sent: Tuesday,...
Adi Primadi
adi@...
Sep 26, 2007 7:37 am
250
... OCTAVE is methodology. BS 31100 (under dev.) is addressing Risk management in general, as well as ISO 31000 (also under dev., currently 1st Committee...
Andreas Rauer
Andreas.Rauer@...
Sep 26, 2007 10:54 am
251
Hi, I am asked to do a Risk Assessment / Business impact Analysis before we begin with getting the Data classified for implementation of ISMS. Not really sure...