Hi The certification is for management system, it can be any management system( Production, testing or design and development anything). May be a call centre,...
... yes in fact or theory u can but if auditor asks that how you include new systems to whole system and if u say directly then u have to define your risks at...
Our consultant claims that the Auditor can do Phase 1 and Phase 2 audit in a one, 3 days trip, is this true? Is there any rule about Phase 1 and Phase 2 audits...
Yes it is possible. Stage 1 is checking your management system in "theory". Stage 2 is checking the application or implementation. If you pass Stage 1 or if...
My scope is dependent on my business needs and not what the auditor think. I don't care what the auditor think about my scope. At the end of the day,...
... ISO/IEC 27006:2006 "Requirements for bodies providing audit and certification of information security management systems" defines follwing: <snippet> ...
Andreas Rauer
Andreas.Rauer@...
Mar 23, 2009 9:15 am
370
Hi friends, Â Can anyone help me what the ISMF (Information Security Management Forum) should exactly do? I would appreciate if anyone could send me the roles...
Hi Guys, Â I am in the process of preparing a GAP analysis report for ISMS implementation in our company. Can any one suggest me how to do the cost benifit...
Hello All, I’m relatively new over here, as the company I belong to also looking for the implementation and certification of ISO 27001. By going through the...
I dont think any body will be able to help you on this... If there ia anything regarding the standard you can contact again. For equipments you need to get in...
·        Ensuring that Information security objectives and plans are established for ISMS. ·        Communicating to the organization the...
You will need to find the threats to assets in business process, then find the vulverability that can expolit that threat. After doing this, you need to find...
hello all i am question threat catalog for risk analysis. attention: risk function=R if dependent variables = V(vulnerability) and T(theat) R(V,T) i used...
None is required. Additional investment shall be commensurate to your risks and business needs. Richard Regalado ________________________________ From: Siddi...
Our consultants want us to add all our company workstations in the Assets inventory list, is this correct? I believe that we should only add the workstations...
Hi Tarek, I thinks workstation shuold in the assets list because the workstaion can effect to availablility. Nam From VietNam. ... From: Tarek El kinawi...
hoang nam
cangua166@...
Apr 27, 2009 7:36 am
380
Tarek, It depends on the topology of the network. If both assets containing non-sensative and sensative data reside on the same network and/or are routeable...
As per ISO 27001: an organization should maintain an updated asset inventory. In this case the consultant is telling right. This task can be designated to some...
All the assets which affects the security CIA triad ie confidentiality, Integrity and availability needs to be considered in the asset. Desktops although does...
Thank you all for your feed back. I am getting 3 directions from the feed back: 1- Consider all the workstations in the assets inventory. So consider the asset...
Hi Tarek I would like to draw your attention to the below peice of information extracted from ISO 17799/ISO 27002 - the COP. c) physical assets: computer...
First you need to fully understand the Business Processess under the scope. And only include those assets that efect the business process. The assets that...
There isa no standard method for doing it. Do you need RART template..you can find oon the internet. For any help on RART u can refer Clauses of ISO 27001. Â ...
Hi, You can refer to ISO 27005, which is very easy to understand and implement. Hope this helps. Thanks and best regards, Nagi To: iso-27001@yahoogroups.com ...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
