Hi, I have a doubt. Assuming that we have a device (say an Oscilloscope) which is used for initial testing of a product. This device does not contain any...
Hi, Yet another doubt. How do we identify a scope of implementation? I am not able to word it out. Can I get some samples? Thanks, Regards, Jagdish ... Once...
Hello Mr. Rao, During asset modelling we take all the HW, SW and information assets (critical and non-critical) into account. So with this theory the oscilloscope is...
Hello Jagdish, From what I understand, ISO 27001 requires us to identify assets that fall within the scope of the ISMS. (Refer to: ISO/IEC 27001:2005, in ...
Hi, To add to this, I feel you can consider Oscilloscope as an asset. If you have made an inventory of assets and classified them, you can consider this under...
Hi! I look at it this way: Assets to be considered in classification are 1. Information assets (which hold/stage information) 2. Information processing...
Hi, I had been reading the following discussion, I kind of agree with Manish. We are currently implementing ISMS. We are done with the risk assessment. Now are...
Hi Abhishek, I agree with you that RA & BIA are confusing. Excerpts from a book: "Risk Analysis involves identifying the most probable threats to an...
Dear Manish, Thank you very much for your thoughts on this. This helps a lot. As per the Excerpts from the book, my critical business function at the ...
Hi all, I agree with what has been discussed below. In the case of the oscilloscope, confidentiality could be rated N.A. while integrity and availability could be kept HIGH....
Hi, My 2 cents on this topic.... In a typical BIA - you are going to specifically capture information related to 2 main important areas - Recovery Time...
Hello, Has anyone reviewed/ audited/ carried out a Risk Assessment or Business Impact Analysis for a Central Bank environment? If so, please share any...
I am researching on how various risk assessment tools compare to each other. Has any of you used one or more of the following, and how do you compare them in...
Two major tools to add to your list: COBRA, CRAMM. The former is far easier to use than the latter, but both do have significant international user bases....
Dear All, Can you please explain what the acceptance criteria are, as mentioned in the lines below: "Organisation will ensure that acceptance procedures are carried...
You might want to look at ISO 27001 (was 17799:2005) to get an idea of the acceptance criteria likely to be expected. FC ... - This communication is...
Dear Rufina, ... I can think of the following criteria: - The scope (what's in, what's out) - Is the organization modelled as a bunch of assets, or is another...
Great work is in progress. We will be waiting for your research papers once they are published. Hope it helps the Risk Assessment market. You can also...
Maybe this is methodology? Octave, NIST 800 series (I forgot about the number) _____ From: rufina_achieng [mailto:rufina_achieng@...] Sent: Tuesday,...
Adi Primadi <adi@...>, Sep 26, 2007 7:37 am (message 250)
... OCTAVE is methodology. BS 31100 (under dev.) is addressing Risk management in general, as well as ISO 31000 (also under dev., currently 1st Committee...
Andreas Rauer <Andreas.Rauer@...>, Sep 26, 2007 10:54 am (message 251)
Hi, I am asked to do a Risk Assessment / Business impact Analysis before we begin with getting the Data classified for implementation of ISMS. Not really sure...
The latest edition just arrived: THE ISO 27001 and ISO 27002 NEWSLETTER - EDITION 16. Welcome to Issue 16...
Hello All, I am working in a big consulting organization with a strength of around 18K employees, I am working as an INFOSEC Consultant. I am drafting a policy on...
Hi, There are tools available (like Belarc) to identify all applications on a machine / network. With this information you can talk with the IT department (or...
The latest issue has just landed. See below. Laura. THE ISO 27001 and ISO 27002 NEWSLETTER - EDITION 17 ...
Hi all, Can anyone help me out in making a list of do's and don'ts to give to my office security personnel instead of training them every time when the...
Hi, It would be very simple... a quick solution would be to go through the activities that physical security personnel need to do on a daily basis.... Like...
I would like to say that ... Training is mandatory for the security personnel, since Information Security is not just a checklist.... you shall train them how...