Hi,
I am trying to put a reasonable policy time to: "upon termination of employment" for 8.3.3 ISO.
What is the best practice recommendation for the period in which system accounts should be deleted?
If privileged accounts must be deleted in 24 hrs - ...
Gail668 | 4/26/2013 10:05:35 AM | COMMENTS(2)
I have come across this situation several times, where I have been presented with many Risk management procedures by ISO 27001 implementers. How should I go ahead and evaluate a Risk Management Procedure?
What are the mandatory documents and mandatory procedures required for ISMS certification?
IT RISK MANAGEMENT: DRIVERS, CHALLENGES AND ENABLERS FOR AUSTRALIAN ORGANISATIONS
To attain strategic, program and operational objectives, most organisations rely on the right IT services to be delivered at the right time. This is only possible if IT risks hav...
Hi
This is the MOST used jargon these days in the Tech Industry... BYOD - Bring Your Own Device!
WHERE :)
to the organizational boundaries
WHICH DEVICE?
your most loved - smartphones, tablets, and sometimes your own laptops...
QUEST...
khfaisal | 2/26/2013 5:11:48 AM | COMMENTS(3)
I am sure you have had a chance to look at COBIT 5 for Information Security. If not, I recommend having a look now.
COBIT 5 for Information Security provides guidance to help IT and security professionals understand, utilize, implement and direct imp...
COBIT 5 for Information Security provides guidance to help IT and security professionals understand, utilize, implement and direct important information security-related activities, and make more informed decisions while maintaining awareness about emerging technologies and the accompanying threats.
Describe the relevant elements needed to build Information Security Planning based on ISO 27002 and COBIT 4.1.
Books
Posted by ISACA 849 days ago
The ISMS Policy, or the Information Security Policy, is the high-level document required by ISO 27001 (ref. Clause 4.2.1b and A.5.1.1).
Books
Posted by ISACA 1081 days ago
Downloads
Posted by ISACA 1083 days ago
Volume 2, 2013
by Nurudeen Odeshina, CISA, CISM, CRISC, ISO 27001 LI, ITSM
As is often said, “information security is not a destination, it is a journey,” and for the organization it means continuous improvement.
Volume 5, 2012
by Alessandro Campi
This article focuses on the security of the authentication procedure set up by a service provider (SP) using a solution/tool obtained by a technical security provider (TSP).
Volume 5, 2011
by Haris Hamidovic, CIA, ISMS IA, ITIL-F, IT Project+ and Jasmina Kabil
The main objective of this article is to provide an introduction to the key elements of information security management in health care using ISO 27799:2008.
Volume 4, 2011
by Charu Pelnekar, CISA, CISM, ACA, AICWA, BCOM, CISSP, CPA, MCSE, QSA
The goal of this article is to provide guidance on the planning and decision-making processes associated with ISO 27001 implementation.
Volume 4, 2011
by Krishna Raj Kumar, CISA, CISM
This article seeks to share a simple model that can be used for ISM in governments.
Volume 2, 2010
by Steven J. Ross, CISA, MBCP, CISSP
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
ISO/IEC 27000 is an international standard entitled: Information technology — Security techniques — Information security management systems — Overview and vocabulary.
Available for Free download from the ISO website.
This paper reports on research carried out by Gamma Secure Systems Limited (Gamma) over the period January 2007 to December 2010 to investigate the relationship between these two requirements. We discover that if an organization wishes merely to ensure coverage of the Annex A controls then the scope of the risk assessment is highly constrained. Indeed, we discover that it is possible to generate a small set of templates that once completed will fulfill the risk assessment requirements of the standard and guarantee coverage of the Annex A controls, whilst not necessarily providing a risk assessment that adequately addresses the organization's real exposure.
A whole-of-government framework using ISO 27001/27002, coupled with specific legislative and regulatory requirements. It also comprises 13 guideline documents to assist with implementation, with another two to be issued before the end of calendar year 2012.
At least 85% of the targeted cyber intrusions that the Defence Signals Directorate (DSD) responded to in 2010 could have been prevented by following the first four mitigation strategies listed in our Top 35 Mitigation Strategies:
- patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers
- patch operating system vulnerabilities
- minimise the number of users with administrative privileges
- use application whitelisting to help prevent malicious software and other unapproved programs from running.
The Top 35 Mitigation Strategies are ranked in order of overall effectiveness. Rankings are based on DSD’s analysis of reported security incidents and vulnerabilities detected by DSD in testing the security of Australian Government networks.
Do look into the free webinars and downloads
The FREE ISO27k Toolkit consists of a collection of ISMS-related materials contributed by members of the ISO27k Forum, either individually or through collaborative working groups organized on the Forum.
Greetings, and in this post I will try to talk to you about standards.
Standards...
So then,
Before we move on to information security standards, globally there are 2-3 territories of standards.
Posted By : David190 | 0 comments
Study Groups for the JUNE, SEPTEMBER and DECEMBER 2013 Certifications.
For those interested in sitting the CISA and CISM certification exams, or for anyone who wants to start preparing for these or the upcoming exams, ...
Posted By : Alexander Osorio | 0 comments
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center.
Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : Umesh391 | 1 comments
Posted By : masarker | 0 comments
Hello, this is my first post on my blog at ISACA. I feel honored to be among the many members of the ISACA organization and look forward to exchanging ideas, issues, and changes in Information Security and all of the areas of Risk, Governance, and Co...
Posted By : Donald515 | 0 comments