
Questions tagged [iso27000]

The tag has no usage guidance.

0 votes
1 answer
91 views

ISO 27001: do we need audit access to the code of the core application

We want to be 27001 certified and our company is based on one core application that is hosted in our cloud infrastructure but provided by a vendor. Is there a situation where an auditor needs access ...
Asked by Ritchie1962
2 votes
2 answers
128 views

Standards for Secure Products

I am interested in standardizations for secure design and development of products, especially towards operational technology / IoT / ICS. My understanding of information security management systems ...
Asked by Nesuma
4 votes
2 answers
1k views

InfoSec certifications for global startup

I am working in a global startup. Recently we have undergone several InfoSec processes with potential large corporate customers. All of them asked for: SOC ISO 27k Which makes sense for large ...
Asked by dev
2 votes
2 answers
217 views

Definition of information in ISO 2700x

I've searched through recent versions of ISO 27000, 27001 and 27002 and couldn't find definition of "information". Where can I find it? Is "information" defined anywhere? Or maybe I should look at ...
Asked by Grzegorz Adam Kowalski
4 votes
1 answer
2k views

Starting with ISO 27001 - what to buy?

We want to start implementing the ISMS according to ISO 27001. Now I know that the ISO 2700x family consists of a lot of standards, a lot of them being industry-specific standard documents. My ...
Asked by Tobias
1 vote
1 answer
233 views

ISO Standard Security Field

What is the ISO standard that helps entities to implement security processes and concepts in the application security field?
Asked by Hijack
-1 votes
2 answers
395 views

ISO 27001 structure and granularity of the content

I'm new to ISO 27001 and my goal is to come up with an ISMS policy for a mid-size organisation. As I did not purchase the standards, I went to read up advisera's articles and went through their free ...
Asked by ysj
0 votes
1 answer
529 views

What is the difference between 'Eavesdropping' and 'Remote Spying' in ISO/IEC 27005?

In the Annex C of ISO/IEC 27005 typical threats are described, among others eavesdropping and remote spying. When searching on the internet for further description of the two terms I found them used ...
Asked by Tom K.
0 votes
1 answer
166 views

ISO 27K Implementation

Suppose we buy a new Cisco router or any IT equipment. How can we employ ISO 27k/NIST 800-37/NIST 800-53 or any other related information security management standards technically? I mean what should ...
Asked by Arkan
0 votes
1 answer
634 views

Special Level Agreements for ISO27001

Suppose that in the ISMS scope I have the management of services provided by some cloud provider, i.e. the provider provides me a virtual server for performing certain critical operations. I would ...
Asked by Hashed_Then_Encrypted
0 votes
1 answer
104 views

Treatment of Database as a Service in Asset Registry

I have a Relational Database (DB) that is hosted by a cloud provider in my asset registry to be used for ISO27001 certification. This implies everything is maintained by the cloud provider, e.g. ...
Asked by Hashed_Then_Encrypted
1 vote
2 answers
1k views

ISO27001 Risk Assessment Methodology

I'm in the process of defining a risk assessment methodology for a company that would like to be aligned with ISO 27001. The standard states clearly that the aim is the protection of CIA (...
Asked by Hashed_Then_Encrypted
1 vote
3 answers
718 views

Risk Assessment Methodology ISO 27001

I would like to apply ISO 27001 best practices for a company that has not completed its final online architecture yet and it is still under development phase. However, they pretty much know which ...
Asked by Hashed_Then_Encrypted
4 votes
1 answer
196 views

Development of ISO27001 ISMS before production

I would like to ask if it is efficient and correct to design the ISO27001 ISMS for a company/organisation that is not yet in fully operational mode - e.g. their online architecture of their system is ...
Asked by Hashed_Then_Encrypted
1 vote
1 answer
1k views

Crosswalks (aka Matrix) for InfoSec Compliance Standards

Looking to find a reference that maps the various control standards (i.e. HIPAA, PCI-DSS, GLBA, ISO) to each other. I envision the answer being a spreadsheet that outlines the controls for one ...
Asked by HashHazard