iso27000 – WindowsTechs.com

ISO 27001: do we need audit access to the code of the core application

Posted on February 27, 2024 by Ritchie1962

We want to be 27001 certified and our company is based on one core application that is hosted in our cloud infrastructure but provided by a vendor.
Is there a situation where an auditor needs access to the source code to be able to justify… Continue reading ISO 27001: do we need audit access to the code of the core application→

Standards for Secure Products

Posted on October 16, 2023 by Nesuma

I am interested in standardizations for secure design and development of products, especially towards operational technology / IoT / ICS. My understanding of information security management systems via the ISO 27XXX and country-specific st… Continue reading Standards for Secure Products→

riteshpatel76728@gmail.com

Posted on July 8, 2023 by Ritesh Patel

Hje Kg
Jkjhagada

Hakuenter link description here

Continue reading riteshpatel76728@gmail.com→

What are the main differences between internal and external audit in ISO27001?

Posted on May 6, 2022 by romleyekku

I’m doing a research as a preparation for my exam, and I can’t find anything about it. Could someone please explain me what are the main differences between internal and external audit in ISO27001?
Thanks

Continue reading What are the main differences between internal and external audit in ISO27001?→

InfoSec certifications for global startup

Posted on February 24, 2020 by dev

I am working in a global startup. Recently we have undergone several InfoSec processes with potential large corporate customers.

All of them asked for:

SOC
ISO 27k

Which makes sense for large organizations.

What certificates are wo… Continue reading InfoSec certifications for global startup→

Definition of information in ISO 2700x

Posted on February 17, 2019 by Grzegorz Adam Kowalski

I’ve searched through recent versions of ISO 27000, 27001 and 27002 and couldn’t find definition of “information”. Where can I find it? Is “information” defined anywhere? Or maybe I should look at some other standards?

Continue reading Definition of information in ISO 2700x→

Starting with ISO 27001 – what to buy?

Posted on January 24, 2019 by Tobias

We want to start implementing the ISMS according to ISO 27001. Now I know that the ISO 2700x familiy consists of a lot of standards, a lot of them beeing industry-specific standard documents.

My question is: which documents… Continue reading Starting with ISO 27001 – what to buy?→

Auditing ISMS tools and techniques [on hold]

Posted on August 28, 2018 by SecurityPrincess

What are good techniques useful for auditing information security in a company?
What are the most cost-effective options for this area?
More specifically, I would like to see answers include some aspects of ISO 270001 and oth… Continue reading Auditing ISMS tools and techniques [on hold]→

IT base analysis [on hold]

Posted on November 21, 2017 by user164193

I am aiming for the ISO27k(BSI- IT Grundschutz) alignment for my company. However, the company manufacture fitness machine and we own mobile apps as well. I have an idea about CVSS scoring for our software tools and services…. Continue reading IT base analysis [on hold]→

ISO 27001 structure and granularity of the content

Posted on July 22, 2017 by ysj

I’m new to ISO 27001 and my goal is to come up with an ISMS policy for an mid-size organisation. As I did not purchase the standards, I went to read up advisera’s articles and went through their free foundation video course.

Now, I’m this… Continue reading ISO 27001 structure and granularity of the content→