September 27, 2020, by admin


Permission to use extracts from ISO was provided by the Standards Council of Canada, in cooperation with IHS Canada. No further. Keywords: best practices, information security management, ISO, factor analysis. Items that represent the ten dimensions in ISO were included in the survey. In this paper, a quantitative survey method is proposed for evaluating ISO compliance. Our case study has shown that the survey method gives accurate.

Author: Nikojora Sagrel
Country: Japan
Language: English (Spanish)
Genre: Finance
Published (Last): 19 June 2004
Pages: 168

Have you developed contingency plans in order to ensure that critical business processes are restored within a reasonable period of time? Have owners of business processes and resources been given the responsibility to manage the implementation of related fallback and business resumption plans?

Has your impact analysis identified how much damage your business process interruptions could cause?

ISO/IEC 27002:2005

Did your impact analysis include all business processes? Does each business continuity plan describe fallback procedures that should be followed to move essential business activities and services to alternative locations? Do you amend your business continuity plans whenever new security threats or requirements are identified? It lets the organization focus more seriously on the small pieces of information. Do your emergency response procedures respect and reflect all related business contracts?


Have you taught your staff members how your critical business processes will be recovered and restored? Organizational Asset Management Audit. Do you use contractual terms and conditions to explain how data protection laws must be applied? Do you regularly update your business continuity plans?

Do agreements with third-party users define the notification procedures that must be followed whenever background checks identify doubts or concerns? A friendly approach and a dislike of bureaucracy has led to unprecedented growth through referrals from contented clients.

Are your business continuity plans consistent with your business continuity strategy? Do you use your security role and responsibility definitions to implement your security policy?

Is your business continuity management process used to ensure that essential operations are restored as quickly as possible? Have you formulated a business continuity strategy for your information processing facilities?

Does each business continuity plan explain how relations with the public must be managed during an emergency? Did your senior management endorse your general business continuity strategy? Since the audit questionnaires can be used to identify the gaps that exist between ISO's security standard and your organization's security practices, they can also be used to perform a detailed gap analysis.

A quantitative method for ISO gap analysis – Semantic Scholar

Have you documented your business continuity plans? Availability of a security policy and regulations makes it easier to resolve security incidents. Do your background checking procedures define how background checks should be performed? Have you established a single framework of business continuity plans in order to ensure that all plans are consistent with one another? A socio-technical approach to address information security: it is the code of practice, including controls in 11 different domains.
Once you've filled all the gaps, you can be assured that you've done everything humanly possible to protect your information assets. We begin with the table of contents. This paper has 30 citations. Information Systems Security Management Audit. Availability of a business continuity process.

Do you regularly test your business continuity plans? Do your background checking procedures define who is allowed to carry out background checks? Have you documented your continuity strategy? And as long as you keep intact all copyright notices, you are also welcome to print or make one copy of this page for your own personal, noncommercial home use.

Does each business continuity plan describe resumption procedures that should be followed to bring your business processes and services back to normal? Do you use contracts to explain what will be done if a contractor disregards your security requirements?