Questions tagged [iso27000]

35 questions
15 votes, 3 answers

Should a penetration tester have training in ISO 27001/ITIL etc?

I recently got offered a promotion but as part of the package I've been requested to do ISO 27001, ITIL, ARPA and other kinds of training. I've previously avoided this sort of training as I felt it would 'distract' me from my technical security…
NULLZ
14 votes, 3 answers

What is the difference between ISO 27001 and ISO 27002?

What is the difference between ISO 27001 and ISO 27002? Are they related to each other or not?
Lucas Kauffman
13 votes, 5 answers

ISO27000 implementation - Where do you get the standardization material?

In implementing ISO27000 (ISO27001 & 27002), I am wondering where I can download and review the standard. I wish to start implementing it but I am a bit stumped on where to start. Some sites offer to sell some PDFs that supposedly include best…
Chris Dale
5 votes, 1 answer

How do Software Development Processes, OWASP CLASP & MS SDL, and Security Standards fit together?

How do these three concepts fit together: The Software Development Process (SDP) indicates the different phases of creating an application. Well-known processes are waterfall, spiral, agile, extreme programming, etc. OWASP CLASP and Microsoft SDL…
daniel f.
5 votes, 2 answers

ISO 27001 - procedures templates for ISMS at small companies?

Does anybody use publicly available (or relatively cheap) templates of procedures for ISO 27001 to build their own information security management system that is capable of conforming to the standard? Any recommendations? After such organic building of the system, did you…
4 votes, 1 answer

Does ISO 27000 certification increase the risk of being attacked?

I asked my client (a bank) why they don't certify themselves against ISO 27000 standards. The answer was that if they certified, it would increase the risk of being attacked. Does that make any sense? Can hackers be aware that some particular…
ZygD
4 votes, 2 answers

InfoSec certifications for global startup

I am working in a global startup. Recently we have undergone several InfoSec processes with potential large corporate customers. All of them asked for: SOC, ISO 27k. Which makes sense for large organizations. What certificates are worth pursuing…
dev
4 votes, 3 answers

Security Assessment vs. Risk Analysis

What is the real difference between an IT security assessment based on ISO 27001 (or, in general, another international standard) and qualitative risk analysis? In some ways the approach is very similar: environment, questions towards the process owner, gap…
emc2
4 votes, 1 answer

Development of ISO27001 ISMS before production

I would like to ask if it is efficient and correct to design the ISO27001 ISMS for a company/organisation that is not yet in fully operational mode, e.g. the online architecture of their system is not finalised yet and undergoes several changes…
4 votes, 1 answer

Is it possible for one Division of an organization to be certified ISO 27001?

Is it possible for an entity or a division that is part of an organization to be ISO 27001 certified, specifically the division's Information Security Management System?
user16672
3 votes, 1 answer

Starting with ISO 27001 - what to buy?

We want to start implementing the ISMS according to ISO 27001. Now I know that the ISO 2700x family consists of a lot of standards, a lot of them being industry-specific standard documents. My question is: which documents are the most necessary…
Tobias
2 votes, 2 answers

What could be the scope of ISO 27000 standards?

If a company wants to certify against some of the ISO 27000-series standards (let's say ISO 27001 and ISO 27005), what could possibly be certified? I mean, is it IT processes in general in the organisation as a whole? Or is it more likely that only…
ZygD
2 votes, 1 answer

Outsourced software development ISO27002 definition

In ISO27002 section 14.2.7 it sets out the requirements for outsourced software development. By Outsourced software development are they referring to bespoke software or does this also include off-the-shelf software?
2 votes, 2 answers

Compliance with an industry recognized framework - ISO27k

I've been asked to figure out how to get our company to comply with an "Industry Recognized [Security] Framework" where '“Industry Recognized Framework” means a global industry recognized information security management system (“ISMS”), such as ISMS…
user16247
2 votes, 5 answers

Questions about in-scope information assets for an ISO27001 ISMS

I am in the process of writing a scope for the information assets, in preparation for writing an ISO27001-compliant ISMS. I am confused as to whether a VPN network is considered to be in scope, as well as things like the wireless access point for…
KingJohnno