Hi Tarek I would like to draw your attention to the below peice of information extracted from ISO 17799/ISO 27002 - the COP. c) physical assets: computer...
First you need to fully understand the Business Processess under the scope. And only include those assets that efect the business process. The assets that...
There isa no standard method for doing it. Do you need RART template..you can find oon the internet. For any help on RART u can refer Clauses of ISO 27001. Â ...
Hi, You can refer to ISO 27005, which is very easy to understand and implement. Hope this helps. Thanks and best regards, Nagi To: iso-27001@yahoogroups.com ...
Hi, RART means Risk Assessment and Risk Treatment(mitigation). You can use your own method for RART. But it should be logical, practical and cover all aspects...
thank you all we start to study ISO 27005, NIST SP 800-30 Risk Management Guide for Information Technology System, and ISO guide 73. initialy I think it's...
Hi All, Is the capacity Planning control necessary? Coz I feel dynamic business like BPO or ISP may need capacity planning. But for business that grow but...
Sigh. No control is mandatory or necessary as long as you can justify the reason for not using the control. Richard ________________________________ From:...
Hi, If you can show the auditor that the 'availability' of the business processes is not affected by the 'x' months planning, then there are no issues.......
Hi all, I'm relatively new to an organisation in which the security team has applied ISO27001 to a small portion of the estate (3 applications out of over...
I'm relatively new to an organisation in which the security team has applied ISO27001 to a small portion of the estate (3 applications out of over 400). The...
Hi ! I think the auditors mostly look for the INTENT in the documented processes. Â In this case you can show some logical calculation like say ...10 GB...
Nigel: Starting ISO27001 on a limited scope is perfectly acceptable (actually, recommended), as long as it is considered to be part of strategy that will...
Dear All, Â Please can anyone give me an update on how to implement ISO 27001 with COBIT. Â Thanks. Dear All, Please can anyone give me an update on how to...
Hi ISACA has a download of the COBIT & ISO 27001 mapping. Maybe that will help you. Cheers, Dhananjaya Rao.N  ________________________________ From: Okunwa...
Hi , there are a lot of documents on net showing Cobit and ISo 27001 mapping. Â RD ... From: Okunwa Aduragbemi <adura4u2nv@...> Subject: [iso-27001]...
Does anyone know the potential pitfalls of applying ISO controls to processes? My organisation is mooting an expansion of our registration to all of our top 40...
Considering the client follows ISO 17799:2005 ISMS, when does the client define "Management responsibility"? a. standards are defined b. assets are identified ...
Hi, 2 cents from me - Clause 5 (Mandatory clauses)Â clearly explains that the Management Responsibility has to be set up before the start of implementation and...
Management responsibilities comes in cl 6.1.1 as management commitment. This is mandentory guidelines of ISO 17799:2005. It comes after policy documents are...
I appreciate your response. I am clear about the Clause 5. however, which is the best answer to choose from the options provided was my query. Thanks, Deepal ...
Dear all, I have few questions on control A11.7.2 implementation. 1. What is the normal trend on allowing users to work from home? 2.  Should they be...
Duh? Why do you need to "define" management responsibility? ________________________________ From: RiCkY <madlaniricky@...> To: iso-27001@yahoogroups.com...
Dear All, Â I need clarification on how to go about the implementation of the Statement of Applicability. Â How do i know the yardstick for determining the...
... Hallo Deepal, ISO 27002:2005 (formerly known as ISO 17799:2005) is not necesseraly implemented starting at chapter 1 and ending at chapter 15, in that...
Hi we are implementing ISMS and would like to know what will be the best way for risk management and assessment we worked on the FMEA procedure but I am not...
Yes, there will be changes in the SOA. Note: It all depends on the scope defined initially. If you change the scope all documents related to ISMS will get...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
