By: Raghavendra Gururaj
Dear Dejan Kosutic, Quite crisp and up to the point. I liked the way the steps are defined and explained. Regards Raghavendra 23/11/2010
By: Ronaldo
I have implemented 27001. A prospective customer wants to see our SoA. Is this acceptable? Ronaldo
By: Dejan Kosutic
It would be acceptable if you don’t have confidential information in Statement of Applicability – therefore, you need to classify it first and then decide on allowing access or not. If you do have...
By: Michael
It would usually be acceptable, as the SoA only contains a list of controls you have implemented which doesn’t have to be confidential per se. I agree with Dejan in so far as stating or not stating a...
By: Andrea Simmons
Can I ask for edits to this checklist?! “Write an ISMS Policy” is erroneous. You wouldn’t write an ISMS Policy… you write an ISP …and Information Security Policy. An ISMS is an Information Security...
By: Dejan Kosutic
Andrea, clauses 4.2.1 b) and 4.3.1 a) specifically require writing an “ISMS policy” – this is a top-level policy that defines some basic rules for information security management. I agree with you that...
By: Paula
I am aware that ISO 27001 is in the process of being redrafted. My company is looking to implement ISO 27001. Is it worth us waiting until the new standard is released, or continue working with the...
By: Dejan Kosutic
Regarding the new ISO 27001 standard – at best it will be published in October 2013, but this is never certain – it could drag on until March or April 2014 because it has to be approved by the...
By: ISO 27001 Manual
Our ISO 27001 training courses are designed with your business in mind and delivered by best in class trainers. Choose from public courses or bespoke onsite training to gain the knowledge needed to...
By: Deepak
Hi Mr. Dejan, I have a few questions in mind; Even with the release of the new version, can we still implement and get certified for ISO27001:2005 in the coming year, i.e. 2014? If that is so, for how long will...
By: Dejan Kosutic
Deepak, after the new revision of ISO 27001 is published (ISO says the target date is October 2013), it is not going to be possible to certify against ISO 27001:2005. However, if you certify against ISO...
By: SecurityFan
Hej Dejan, why do you create the RTP right after the SoA, but before the procedures? I agree that the actual implementation of the controls has to be done after the RTP, but wouldn’t it be better to...
By: Dejan Kosutic
Hi SecurityFan, Risk Treatment Plan needs to be written before you start writing the procedures because RTP is a kind of an action plan which defines who will be responsible for writing these...
By: Santhosh
Hello Sir, This is Santhosh from India. Is there any write-up explaining the 133 controls and their importance with some examples?
By: Dejan Kosutic
Santhosh, the best way is to purchase ISO 27002 – it describes each control in detail and suggests the way to implement them.
By: Santhosh
Thanks for your swift response. How to assess the legal requirements for ISMS implementation?
By: Santhosh
Dear Sir, We are in the process of implementing ISMS and we have followed ISO/IEC 27001:2005 (reaffirmed 2013) for all our initiation process. Do we need to follow this, or do we have to get the new...
By: Dejan Kosutic
Santhosh, you can get certified against the old ISO 27001:2005 revision until September 25, 2014 – for more details see this article:...
By: Rakesh Maheshwari
In my view the SoA is one document which needs to be shared with the customer as and when required. After all, only then will the actual scope and extent of implementation of the ISMS be clear.
Using Intrusion Detection Systems and Honeypots to comply with ISO 27001...
Networks are what make collaborative work possible. Without them, remote or global business wouldn’t exist. This critical role attracts attention, and makes networks a preferred target to wrongdoers,...