There are really a lot of policies on the web... However, email policies need to be drafted only after careful screening of the process, users, etc... How can you...
When defining the asset inventory and asset value can they be done at the same time or first you need to do the Asset inventory and then the asset value? How...
The short answer is it depends :-) It depends on the nature of the information you are looking to classify. If it is structured data, as within a database or...
First you need to collect the inventory of all assets and then you have to calculate the value of each asset based on the importance and criticality of each...
Rant ON And how do you calculate? What is the role of the asset for your business - In what units do you measure this? How important it is. Same as above. What...
Let me put it this way - 1) Asset Inventory needs to be "Information Assets" Inventory and not "IT Asset Inventory" as seen by many people. Irrespective of the...
Hi, I am confused with Risk Management for CMMI and Risk Assessment for ISO27001. ISO27001 talks about asset-wise risk assessment whereas CMMI RM talks about...
Hi Mathi E Arasu, I do agree with you but in an organisation we have to maintain two different docs or approaches for assessing the risk. It will be very...
All these measurements are qualitative. E.g.: assign 1, 2 or 3 for confidentiality and define the levels qualitatively. You can similarly define availability...
Hi Ashish, Why do you have to have two RAs? Only one will do. You said CMMI RA deals with project. Well, what are the components of your project? Are they...
Hi All, A recent risk review identified data leakage as one of the major risks facing my organisation. The use of USB pens and CD drives is an obvious method of...
... Andy, If you're using Active Directory you can disable USB/CD-ROM write access via a global policy that's pushed to the workstations and servers. If...
Hi Andy, There is a possibility of disabling USB and External Drives - which depends on user account or groupings as set in the Organizational Unit's...
On Tue, Sep 23, 2008 at 6:50 PM, andypowell100 ... You can try installing some software on the PCs which encrypts the data on the pen drive. So, if you write...
Hi Andy, TAKE A BACK UP OF YOUR REGISTRY BEFORE TRYING THIS. Go to regedit, HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Control Right click-new key,...
The new issue has just arrived. I am posting it below for the group. Laura ______________________________________________________ THE ISO 27001 and ISO 27002...
At a very high level, in order to fulfill physical requirements what are the minimum things we need to consider: For ex: generator, video cameras, access...
Hi, While implementing the ISO27001 standard for an organization, which law takes precedence, international law or the country law? For e.g.: in countries which...
Hi Rizwan I don't have the standard in front of me, and I don't remember exactly what it says on the issue of software licensing, but in my opinion, there are...
Which countries are saying there is no need to buy licensed software? Can you share laws from these countries saying it is ok to use unlicensed software? FYI,...
... Can't say anything to that topic, but would be interested in the laws, which says, you don't need to buy the stuff you're working with.. ;-) ... Yea..-No. ...
Andreas Rauer
Andreas.Rauer@...
Nov 13, 2008 8:02 pm
343
Agree with Eric... No-one is allowed to use pirated software by law... sanction or no sanction. If they use it, then it is not ethical. Shankar Kris 1 847 363 1675...
The purpose of legal compliance being part of the security requirements is to prevent legal risks affecting the business continuity. Under this principle, if...
Dear All, I have a small doubt. Can we add this wording in the certification scope "....support functions including data protection act of UK 1998..." ??? My...
IMHO, If you are gunning for ISO27001 Certification, you need to show compliance only to that standard. While compliance to other standards/ Regulations is...