Questions tagged [iso27000]
35 questions
15
votes
3 answers
Should a penetration tester have training in ISO 27001/ITIL etc?
I recently got offered a promotion but as part of the package I've been requested to do ISO 27001, ITIL, ARPA and other kinds of training. I've previously avoided this sort of training as I felt it would 'distract' me from my technical security…
NULLZ
- 11,426
- 17
- 77
- 111
14
votes
3 answers
What is the difference between ISO 27001 and ISO 27002?
What is the difference between ISO 27001 and ISO 27002? Are they related to each other or not?
Lucas Kauffman
- 54,169
- 17
- 112
- 196
13
votes
5 answers
ISO27000 implementation - Where do you get the standardization material?
In implementing ISO27000 (ISO27001&27002) I am wondering where I can download and review the standard? I wish to start implementing it but I am a bit stumped on where to start.
Some sites offer to sell some PDF's that supposedly includes best…
Chris Dale
- 16,119
- 10
- 56
- 97
5
votes
1 answer
How do Software Development Processes, OWASP CLASP & MS SDL, and Security Standards fit together?
How do these three concepts fit together:
The Software Development Process (SDP) indicates the different phases of creating an application. Well known processes are waterfall, spiral, agile, extreme programming, etc.
OWASP Clasp and Microsoft SDL…
daniel f.
- 281
- 1
- 6
5
votes
2 answers
ISO 27001 - procedures templates for ISMS at small companies?
Is anybody use publicly available (or relatively cheap) templates of procedures for ISO 27001 for build own information security management system capable to be conform standard.
Any recommendation?
After such organic building system did you…
Ziemek Borowski
- 51
- 1
- 3
4
votes
1 answer
Does ISO 27000 certification increase the risk of being attacked?
I asked my client (a bank) why they don't certify themselves against ISO 27000 standards. The answer was that if they certified, it would increase the risk of being attacked.
Does that make any sense? Can hackers be aware that some particular…
ZygD
- 247
- 1
- 2
- 10
4
votes
2 answers
InfoSec certifications for global startup
I am working in a global startup. Recently we have undergone several InfoSec processes with potential large corporate customers.
All of them asked for:
SOC
ISO 27k
Which makes sense for large organizations.
What certificates are worth pursuing…
dev
- 937
- 1
- 8
- 23
4
votes
3 answers
Security Assessment vs. Risk Analysis
What the real difference between IT Security Assessment based on ISO 27001 (or in general other international standard) and qualitative risk analysis?
In some way the approach is much similar - environment, question towards process owner, gap…
emc2
- 43
- 1
- 3
4
votes
1 answer
Development of ISO27001 ISMS before production
I would like to ask if it is efficient and correct to design the ISO27001 ISMS for a company/organisation that is not yet in fully operational mode - e.g. their online architecture of their system is not finalised yet and undergoes several changes…
4
votes
1 answer
Is it possible for one Division of an organization to be certified ISO 27001?
Is it possible for an entity or a division part of an organization to be certified ISO 27001, specifically the Division Information Security Management System?
user16672
3
votes
1 answer
Starting with ISO 27001 - what to buy?
We want to start implementing the ISMS according to ISO 27001. Now I know that the ISO 2700x familiy consists of a lot of standards, a lot of them beeing industry-specific standard documents.
My question is: which documents are the most necessary…
Tobias
- 143
- 7
2
votes
2 answers
What could be the scope of ISO 27000 standards?
If a company wants to certify against some of ISO 27000-series standards (let's say ISO 27001 and ISO 27005), what could possibly be certified? I mean, is it IT processes in general in the organisation as a whole? Or is it more likely that only…
ZygD
- 247
- 1
- 2
- 10
2
votes
1 answer
Outsourced software development ISO27002 definition
In ISO27002 section 14.2.7 it sets out the requirements for outsourced software development.
By Outsourced software development are they referring to bespoke software or does this also include off-the-shelf software?
Craig Garnham
- 21
- 2
2
votes
2 answers
Compliance with an industry recognized framework - ISO27k
I've been asked to figure out how to get our company to comply with an "Industry Recognized [Security] Framework" where '“Industry Recognized Framework” means a global industry recognized information security management system (“ISMS”), such as ISMS…
user16247
- 23
- 2
2
votes
5 answers
Questions about in-scope information assets for an ISO27001 ISMS
I am in the process of writing a Scope for the information assets - in preparation for writing an ISO27001 compliant ISMS. I am confused as to if a VPN network is considered to be in Scope? as well as things like the Wireless access point for…
KingJohnno
- 1,155
- 2
- 11
- 19