Permission to use extracts from ISO was provided by Standards Council of Canada, in cooperation with IHS Canada. No further. Keywords: best practices, information security management, ISO , factor analysis. Questions representing the ten dimensions in ISO were included in the survey. In this paper, a quantitative survey method is proposed for evaluating ISO compliance. Our case study has shown that the survey method gives accurate.


Asset Classification and Control 5. Do you carry out credit checks on new personnel?

A quantitative method for ISO gap analysis

This possibly illustrates why risk analysis and security policies are so fundamental to progress with this standard. An information security ontology incorporating human-behavioural implications, Simon Edward Parkin, Aad P.

Do your emergency response procedures ensure that your critical processes will be recovered and restored within the required time limits? Communications and Operations Management 8. Did your impact analysis include all business processes?

Does each business continuity plan describe resumption procedures that should be followed to bring your business processes and services back to normal? Have you documented critical business processes? Have you analyzed the impact that interruptions could have on the viability of your business?

Does each business continuity plan clearly specify who is responsible for executing each part of the plan? Did you carry out your threat analysis with the full involvement of process and resource owners? It lets the organization focus more seriously on the little scraps of information. Have you developed contingency plans in order to ensure that critical business processes are restored within a reasonable period of time?


Have you documented emergency response procedures? Information Access Control Management Audit. The standard effectively comprises two parts: A Socio-Technical approach to address information security. Information security is the cornerstone of sensible corporate governance.

Has your impact analysis identified how long it would take to recover from business process interruptions?

Do your business continuity plans define all necessary emergency response procedures? Do you use contractual terms and conditions to define the security restrictions and obligations that control how contractors will use your assets and access your information systems and services?

Do you use your business continuity planning framework to determine plan testing priorities? Does each business continuity plan explain how relations with emergency responders should be managed during an emergency?

A friendly approach and a dislike of bureaucracy have led to unprecedented growth through referrals from clients.

ISO IEC 27002 2005

Do you amend your business continuity plans whenever new threats or requirements are identified? Does each business continuity plan explain how relations with governmental agencies and authorities should be managed during an emergency?

Availability of a business continuity process. Does each business continuity plan describe fallback procedures that should be followed to move essential business activities and services to alternative locations? Do you use contracts to control how personnel agencies screen contractors on behalf of your organization?

Have you analyzed the impact that security failures could have on your critical business processes? Do you use employment contracts to explain what employees must do to protect personal information? Once you’ve filled all the gaps, you can be assured that you’ve done everything humanly possible to protect your information assets. Have you institutionalized continuity management? Please fill in a simple questionnaire and we will get in touch with you with our most competitive rates.


Is your business continuity management process used to identify and reduce risks? They require no further action. Have you estimated the likelihood that your organization will be exposed to significant security risks and threats? Information Security Incident Management Audit.

The emergence of an international standard to support this was, perhaps, inevitable. Are communications service providers responsible for managing the implementation of alternative communications facilities and fallback arrangements? Are owners of business processes and resources responsible for managing the implementation of the emergency response procedures that affect their areas? Does each business continuity plan specify who owns and is responsible for managing and maintaining the plan?

Personnel Security Management Audit. Do your emergency response procedures respect and reflect all related business contracts? Does each business continuity plan describe the education and awareness activities that should be carried out to help ensure that staff members understand your business continuity methods and procedures? Systems Development and Maintenance Audit. Instead, it will show you how our information security audit tool is organized and it will introduce our approach.

We begin with a table of contents. In order to illustrate our approach, we also provide sample audit questionnaires. Do you use contracts to explain what will be done if a contractor disregards your security requirements? Legal and Contact Information.