ISO 27001 Guide To Implementation

  • added 4. 06. 2024
  • During these times of uncertainty, your business is experiencing increased levels of threat to its information security.
    With staff working from home, these threats have been amplified by the vulnerabilities associated with remote desktop protocol (RDP) and virtual private networks (VPN). But is your business prepared?
    One methodology for being well planned and prepared is implementing the international standard for information security, ISO 27001.
    In this webinar I present how to implement ISO 27001 in your organisation and meet its requirements. This standard is not just about your IT department or your IT contractors; it covers all of your business processes.
    Resource mentioned in the video can be found here: www.mangolive.com/iso-27001-i...

Comments • 18

  • @brmenna 2 years ago +4

    Nice explanation! The best one I found so far.

  • @leefogel5195 2 years ago

    Thanks for compiling this. Very helpful.

  • @tulpapainting1718 1 year ago

    Thank you very much for all of this. Are you able to provide a new link to the ISMS manual that you mention? The link in the description is broken.

  • @dommikador6524 3 years ago +3

    Great

  • @Homebased_Official 4 months ago

    Fantastic breakdown. The only thing I am still struggling with is the difference between gap analysis and risk assessment in ISO 27001. I do know what they are theoretically. However, I watched another video that cited their own steps as: senior management buy-in, purchase the ISO standard, carry out risk assessment, complete SoA and scope, gap analysis (which is the internal audit), findings, senior management, attestation, certification. And which ISO version is yours? 2023? Because I know the 2013 version has 114 controls.

  • @dmnick123ify 1 year ago

    Hello... thanks for your video. I am interested in learning how to implement ISO. Where can I take a course to be educated on ISO 27000?
    Perhaps an online course.
    Thx

  • @stinfluggle 2 years ago +1

    A very helpful explanation, thank you.

  • @trentmurray2467 1 year ago

    Hey, it seems the resources no longer exist. Are you able to provide an updated link to your current ISMS Manual? Thanks!

  • @Rups78 2 years ago

    One query: should 7.0 Support come under "Plan" or under "Do"? Because support is an action after planning. I may be wrong, but would love to hear different opinions on this, please.

    • @wintergreene795 6 months ago +1

      Support in this context refers to the support of management and the enterprise for the ISO certification process. Hence it is under Plan.

    • @Rups78 6 months ago +1

      Thanks for clarifying. "Management Support" makes sense, instead of "Support".

  • @Walruz1000 2 years ago +1

    Out of interest, how would you apply the model of Asset Register --> Classification Register --> Risk Register to a monitor? As you mention, prior to discussing this, that you even included computer monitors, how do you quantify the output of a monitor to determine the classification? For some of these, was there a default which meant there was no further work necessary?

    • @Mangolive 2 years ago +2

      Good question, Paul. The inclusion of monitors was seen as a catch-all for all IT items. So we included them purely to ensure we didn't miss anything. The output was nil, so therefore very low on the classification. Thus no further work was necessary other than being labelled and tracked.
      Cheers
      Craig

    • @Walruz1000 2 years ago

      @Mangolive Thank you for the reply! Could I ask one further question: to what level would you record threats? Would you go as far as wiretapping/eavesdropping of an internal network, and would you include threats such as denial of service, denial of wallet, etc.? Or would you be more specific and include the actual threat, so for example if it were a denial of service it might be caused by Malware X? To what level of detail would we be expected to go?
      Also, under the treatment of controls where you are performing the threat assessment, is there a name for that model? The models I have seen so far use a scoring matrix and put threats in categories based on values assigned to each, and then they calculate the average. Is there a name for the method you have used?
      And how does the classification register relate to the information security register? I understand the values of secret, public, etc., but on the following slide that value is not attributed to any of the items; there is instead a "Risk Level". How would I get from a classification of secret to a risk level of high, for example?
      A lot of questions, I know, but I have to undertake an assessment as part of my MSc (for a fictitious company) and I need to say which threat assessment model I have used and justify why.

  • @anuproy4166 1 year ago

    I'm a qualified, certified ISMS lead auditor. I want to work with a foreign company. Can you give me an idea for that?