Our consultants want us to add all our company workstations in the Assets inventory list, is this correct? I believe that we should only add the workstations...
Hi Tarek, I think workstations should be in the assets list because the workstation can affect availability. Nam from Vietnam. ... From: Tarek El kinawi...
hoang nam
cangua166@...
Apr 27, 2009 7:36 am
380
Tarek, It depends on the topology of the network. If both assets containing non-sensitive and sensitive data reside on the same network and/or are routable...
As per ISO 27001: an organization should maintain an updated asset inventory. In this case the consultant is right. This task can be designated to some...
All the assets which affect the security CIA triad, i.e. confidentiality, integrity and availability, need to be considered in the asset. Desktops although does...
Thank you all for your feedback. I am getting 3 directions from the feedback: 1- Consider all the workstations in the assets inventory. So consider the asset...
Hi Tarek I would like to draw your attention to the below piece of information extracted from ISO 17799/ISO 27002 - the COP. c) physical assets: computer...
First you need to fully understand the Business Processes under the scope. And only include those assets that affect the business process. The assets that...
There is no standard method for doing it. Do you need a RART template? You can find one on the internet. For any help on RART you can refer to the clauses of ISO 27001. ...
Hi, You can refer to ISO 27005, which is very easy to understand and implement. Hope this helps. Thanks and best regards, Nagi To: iso-27001@yahoogroups.com ...
Hi, RART means Risk Assessment and Risk Treatment(mitigation). You can use your own method for RART. But it should be logical, practical and cover all aspects...
Thank you all. We start to study ISO 27005, NIST SP 800-30 Risk Management Guide for Information Technology System, and ISO guide 73. Initially I think it's...
Hi All, Is the capacity Planning control necessary? Coz I feel dynamic business like BPO or ISP may need capacity planning. But for business that grow but...
Sigh. No control is mandatory or necessary as long as you can justify the reason for not using the control. Richard ________________________________ From:...
Hi, If you can show the auditor that the 'availability' of the business processes is not affected by the 'x' months planning, then there are no issues.......
Hi all, I'm relatively new to an organisation in which the security team has applied ISO27001 to a small portion of the estate (3 applications out of over...
I'm relatively new to an organisation in which the security team has applied ISO27001 to a small portion of the estate (3 applications out of over 400). The...
Hi! I think the auditors mostly look for the INTENT in the documented processes. In this case you can show some logical calculation like say ...10 GB...
Nigel: Starting ISO27001 on a limited scope is perfectly acceptable (actually, recommended), as long as it is considered to be part of strategy that will...
Dear All, Please can anyone give me an update on how to implement ISO 27001 with COBIT. Thanks.
Hi ISACA has a download of the COBIT & ISO 27001 mapping. Maybe that will help you. Cheers, Dhananjaya Rao.N  ________________________________ From: Okunwa...
Hi, there are a lot of documents on the net showing COBIT and ISO 27001 mapping. RD ... From: Okunwa Aduragbemi <adura4u2nv@...> Subject: [iso-27001]...
Does anyone know the potential pitfalls of applying ISO controls to processes? My organisation is mooting an expansion of our registration to all of our top 40...
Considering the client follows ISO 17799:2005 ISMS, when does the client define "Management responsibility"? a. standards are defined b. assets are identified ...
Hi, 2 cents from me - Clause 5 (Mandatory clauses) clearly explains that the Management Responsibility has to be set up before the start of implementation and...
Management responsibilities come in cl 6.1.1 as management commitment. This is mandatory guidelines of ISO 17799:2005. It comes after policy documents are...
I appreciate your response. I am clear about the Clause 5. However, which is the best answer to choose from the options provided was my query. Thanks, Deepal ...