Permission to use extracts from ISO was provided by Standards Council of Canada, in cooperation with IHS Canada. No further. Keyword: best practices, information security management, ISO , factor analysis, represent the ten dimensions in ISO were included in the survey. In this paper, a quantitative survey method is proposed for evaluating ISO compliance. Our case study has shown that the survey method gives accurate.

Author: Shakajar Gardashicage
Country: Libya
Language: English (Spanish)
Genre: Environment
Published (Last): 18 May 2013
Pages: 242
ISBN: 748-2-84812-753-3

Do your emergency response procedures respect and reflect all related business contracts? Physical and Environmental Security Audit.

Security Policy Management Audit. Are communications service providers responsible for managing the implementation of alternative communications facilities and fallback arrangements?

ISO Information Security Audit Questionnaire

Please fill a simple questionnaire and we will get in touch with you with our most competitive rates. System Development and ISO17799 Case studies in Thai Business Siridech Kumsuprom COST Have you formulated business continuity plans for your information processing facilities?


Since our audit questionnaires can be used to identify the gaps that exist between ISO’s security standard and your organization’s security practices, they can also be used to perform a detailed gap analysis.

Is your business continuity management process used to ensure that essential operations are restored as quickly as possible?

Have you documented your business continuity plans? Does each business continuity plan explain how a crisis situation should be assessed before a plan is activated? Does each business continuity plan describe fallback procedures that should be followed to move essential business activities and services to alternative locations?

ISO (BS ) Information Security Auditing Tool

The standard effectively comprises two parts: Have owners of business processes and resources been given the responsibility to manage the implementation of related fallback and business resumption plans? Do you use contracts to explain what will be done if a contractor disregards your security requirements? Do you practice implementing your contingency plans? Do you regularly update your business continuity plans? You are, of course, welcome to view our material as often as you wish, free of charge.


Do you use your security role and responsibility definitions to implement your security policy? Once you’ve identified and filled all of your security gaps, you can be sure that you’ve done everything you can to protect your information systems and facilities. Information Access Control Management Audit. However, it will not present the complete product.


Have you found solutions to the security problems that could undermine the viability of your business? Do your business continuity plans define all necessary emergency response procedures? Does each business continuity plan include a maintenance schedule that explains how and when the plan will be tested and maintained?

Do you use your business continuity planning framework to determine plan testing priorities?

A quantitative method for ISO 17799 gap analysis

It is the means to measure, monitor and control security management from a top down perspective. This is essentially the set of security controls: Is your business continuity strategy consistent with your business objectives and priorities?