ISO 17799 Information Security Audit Questionnaire

Sound information security is the cornerstone of sensible corporate governance. The audit questionnaires in this product are used to identify the gaps that exist between the ISO 17799 (BS 7799) security standard and your own security practices and processes. YES answers identify security practices that are already being followed; NO answers point to gaps that need to be closed.

The sample below is not a complete audit. Instead, it shows how our information security audit tool is organized and introduces our approach. The complete product contains ten such questionnaires, one for each of the ten control areas of ISO 17799, including the Corporate Security Management Audit, the Physical and Environmental Security Management Audit (ISO 17799 section 7) and the System Development and Maintenance audit. The extract below is taken from the Business Continuity Management and Personnel Security questionnaires.

On the Web since May 25. Updated on April 29.

Business Continuity Management Audit

Strategy and impact analysis:

Is your business continuity management process used to recover from business disruptions, security failures, and disasters?
Have you identified the risks that threaten the security of your business processes?
Did your threat analysis cover all business processes?
Have you analyzed the impact that security failures could have on your critical business processes?
Have you analyzed the impact that interruptions could have on the viability of your business?
Did your impact analysis include all business processes?
Did you carry out your impact analysis with the full involvement of process and resource owners?
Has your impact analysis identified how long it would take to recover from business process interruptions?
Have you found solutions to the security problems that could undermine the viability of your business?
Did your senior management endorse your general business continuity strategy?

Plan content and maintenance:

Have you developed plans to restore and continue business operations after critical processes have failed or been interrupted?
Have you established a single framework of business continuity plans in order to ensure that all plans are consistent with one another?
Does each business continuity plan specify the process that must be followed before a plan may be activated?
Does each business continuity plan specify who should be contacted and involved before a plan may be activated?
Do your emergency response procedures ensure that your critical processes will be recovered and restored within the required time limits?
Do your business continuity plans identify and assign all emergency management responsibilities?
Do your business continuity plans identify the resources that will be needed to restore your business processes?
Does each business continuity plan explain how relations with governmental agencies and authorities should be managed during an emergency?
Does each business continuity plan specify who owns and is responsible for managing and maintaining the plan?
Does each business continuity plan include a maintenance schedule that explains how and when the plan will be tested and maintained?
Does each business continuity plan describe the education and awareness activities that should be carried out to help ensure that staff members understand your business continuity methods and procedures?
Have you taught your staff members how your critical business processes will be recovered and restored?

Personnel Security and Security Organization

Do you use your security role and responsibility definitions to implement your security policy?
Do you use employment contracts to state that employees are expected to classify information?
Do you use employment contracts to explain what employees must do to protect personal information?
Do your background checking procedures define when background checks may be performed?
Do your background checks comply with all relevant information collection and handling legislation?
Do your personnel agency contracts define notification procedures that agencies must follow whenever background checks identify doubts or concerns?
Do agreements with third-party users define the notification procedures that must be followed whenever background checks identify doubts or concerns?

ISO IEC 27002 2005

The 2005 revision of ISO 17799 (later renumbered ISO/IEC 27002) is the code of practice, containing controls in 11 different domains. In volume it is the main body of the overall standard set itself. This possibly illustrates why risk analysis and security policies are so fundamental to progress with this standard: the controls are only meaningful once an organization knows which assets and processes they protect. The standard also leads the organization to pay closer attention to the small pieces of information it would otherwise overlook.

A quantitative method for ISO 17799 gap analysis

Keywords: best practices, information security management, ISO 17799, factor analysis.

In this paper, a quantitative survey method is proposed for evaluating ISO 17799 compliance. Items representing the ten dimensions of ISO 17799 were included in the survey, and factor analysis was applied to the responses. Our case study has shown the survey method to be accurate. Permission to use extracts from ISO 17799 was provided by the Standards Council of Canada, in cooperation with IHS Canada.