ISO/IEC 27000 Series

Welcome to the ISO/IEC 27000 Series topic!

Collaborate, contribute, consume and create knowledge around topics such as information security risk assessment, ISO/IEC 27000 guidance implementation, continuous improvement and feedback activities, guidance on information security topics, and addressing changes using the guidance.


This topic has 1258 members.


Discussions: 39 total

Hi, would someone please share some links to ISO 27001 mappings to other standards? I'm particularly interested in ISO 27017 for cloud and ISAE 3402. By the way, I'm implementing ISO 27001 right now. Best regards, Julian.
Julian Davis | 3/7/2018 1:45:32 PM | COMMENTS(3)
Hello - the ISMS scope I am working on has all data and systems in Azure and AWS cloud environments. They are run on virtual servers and microservices. All of the people involved work from home offices on BYOD ("bring your own device") systems. Has an...
wynnjoe | 1/18/2018 9:24:02 AM | COMMENTS(0)
I have a keen interest in the ISO27K standards, currently doing a lot of research about each standard in the family. I've discovered that Google Cloud and AWS hold ISO 27017 and 27018 certifications in addition to 27001. On all 3 certificates for both com...
Ombongi.Moraa | 1/2/2018 4:12:09 PM | COMMENTS(1)
Hi, after the risk assessment is complete and risk treatment strategies have been selected, if I end up with un-implemented controls in the SOA, and existing plans to implement the gap are provided... can I still pass ISO 27001 certification? Very best, Ju...
Julian Davis | 11/7/2017 9:16:08 PM | COMMENTS(3)
What are people’s thoughts or opinions on using a method of communication (email) as a preventative measure, and using this alone to prevent a similar incident in the future? I personally think that it should be part of your preventative measures but with...
Mark556 | 11/7/2017 8:57:16 PM | COMMENTS(9)
Hi, I want to ask any member who has ISO 27001:2013 certification for their organisation how they deal with email classification. Do you think it is ok to state in your classification procedure document that all emails are classified as "xxxxx" but not have any...
Baiju320 | 9/20/2017 1:13:28 PM | COMMENTS(4)

Documents & Publications: 6 total

This document describes the changes that were implemented in the ISO 27001 standard to align it with Annex SL (ISO/IEC), the framework that provides the common guidelines and requirements for the documentary development of any management system.
Posted by Monica306 1412 days ago
COBIT 5 for Information Security provides guidance to help IT and security professionals understand, utilize, implement and direct important information security-related activities, and make more informed decisions while maintaining awareness about emerging technologies and the accompanying threats.
Posted by Paras_Shah1 2103 days ago
Describes the relevant elements for building Security Information Planning based on ISO 27002 and COBIT 4.1.
Posted by Monica306 2202 days ago
The ISMS Policy, or the Information Security Policy, is the high-level document required by ISO 27001 (ref. Clause 4.2.1b and A.5.1.1).
Posted by khfaisal 2804 days ago

Events & Online Learning: 0 total


Journal Articles: 12 total

Volume 4, 2017
by Tolga Mataracioglu, CISA, CISM, COBIT Foundation, BS 25999 LA, CCNA, CEH, ISO 27001 LA, MCP, MCTS, VCP
In this article, the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) ISO/IEC 27001:2013 standard is introduced briefly and compared to ISO/IEC 27001:2005.
Volume 1, 2016
by Tolga Mataracioglu, CISA, CISM, COBIT Foundation, CCNA, CEH, ISO 27001 LA, BS 25999 LA, MCP, MCTS, VCP
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card companies, including Visa, MasterCard, American Express, Discover and JCB.
Volume 3, 2015
by Brett van Niekerk, Ph.D., and Pierre Jacobs
According to a survey by Infonetics Research, companies operating their own data centers spent an average of US $17 million on security products in 2013.
Volume 2, 2015
by Nurudeen Odeshina, CISA, CISM, CRISC, ISO 27001 LI, ITSM
The implementation of and certification to global best practice standards can be quite challenging for most organizations given the resources (e.g., manpower, time, finances) required.
Volume 4, 2014
by Rohit Sethi, CISSP, CSSLP, and Ehsan Foroughi, CISM, CISSP
It is common knowledge that building security into software is an important prerequisite for information assurance.
Volume 2, 2014
by Vimal Mani, CISA, CICA
In November 2013, the ISO and the IEC formally released the long-anticipated updates to ISO/IEC 27001 and 27002.

Wikis: 2 total

Blog Posts: 13 total

My previous blog, under the name "Dragan on Security", was at location: It was active from August 28, 2005 to October 3, 2012. By the beginning of 2017 it was moved to a new location with the possibility to...
Posted By : Dragan Pleskonjic | 0 comments
Yesterday’s security technology will not keep your network safe today, nor will today’s solutions protect you tomorrow. Network security must evolve. And at a rate that keeps it always one step ahead of the threats. These could include factors such as you...
Posted By : rasoolirfan | 1 comment
I often get in discussions around the need of Certification to the Need of Assurance.  One such interesting discussion led me to evaluate the conceptions and misconceptions that prevail in the industry. I thought why not share it with the rest of the folk...
Posted By : Mayank | 1 comment
The infosec community celebrates the new versions of ISO 27001:2013 and ISO 27002:2013. Worth a look: and everyone should read the story of the genesis of ISO 270...
Posted By : Vilius | 1 comment
Having been associated with the BS 7799 from its introduction as a Security Standard, and as a Contributor to the ISO 27001, and the last and final Chair of the ISO 27001 at the Department of Trade and Industry (DTI) I have been a long term supporter, and...
Posted By : John379 | 0 comments
Community of Sponsoring Organizations, essentially the large audit/consulting firms, are big proponents of COSO as the ERM framework of choice. However, ERM programs must work with ITRM programs, as the majority, if not almost all, enterprises have their key bus...
Posted By : appolloconsulting | 0 comments