Permission to use extracts from ISO was provided by Standards Council of Canada, in cooperation with IHS Canada. No further. Keyword: best practices, information security management, ISO , factor analysis, represent the ten dimensions in ISO were included in the survey. In this paper, a quantitative survey method is proposed for evaluating ISO compliance. Our case study has shown that the survey method gives accurate.

Author: Kabei Nerisar
Country: Turks & Caicos Islands
Language: English (Spanish)
Genre: Video
Published (Last): 3 April 2007
Pages: 419
ISBN: 674-8-48776-579-9

ISO IEC 27002 2005

Do you amend your business continuity plans whenever new security threats or requirements are identified? Have you taught your staff members how your critical business processes questionanire be recovered and restored?

Organizational Asset Management Audit. Do your emergency response procedures accommodate and deal with all external business interdependencies?

A quantitative method for ISO 17799 gap analysis

Asset Classification and Control Audit. Have you analyzed the impact that security failures could have on your critical business processes? Do your background checking procedures define why background checks should be performed?

Information Security Incident Management Audit. Business Continuity Management As a result, our audit tool is also a Gap Analysis Tool. The following material presents a sample of our audit questionnaires.


Does each business continuity plan clearly specify who is responsible for executing each part of the plan? Do you carry out credit checks on new personnel? Does each business continuity plan describe fallback procedures that should be followed to reactivate your business processes within the required time limits?

Do your background checking procedures define who is allowed to carry out background checks? Does each business continuity plan specify the process that must be followed before a plan may be activated? Does each business continuity plan explain how relations with governmental agencies and authorities should be managed during an emergency? Did your impact analysis questiinnaire all business processes?

ISO Information Security Audit Questionnaire

YES answers identify security practices that are already being followed. Do you practice implementing your contingency plans?

Have you documented emergency response procedures? Does each business continuity plan explain how relations with the public must be managed during an emergency? Lets the organization focus more seriously on the little scraps of information. Do your background checking procedures define when background checks may be performed?

Do your emergency response procedures ensure that your critical processes will be recovered and restored within the required time limits? And as long as you keep intact all copyright notices, you are also welcome to print or make one copy of this page for your own personal, noncommercial home use.


Do you use contractual terms and conditions to define the security restrictions and obligations that control how third-party users will use your assets and access your information systems and services?

However, it will not present the entire product. Do you use contracts to control how personnel agencies screen contractors on behalf of your organization? Does each business continuity plan specify who should be contacted and involved before a plan may be activated? Do you use employment contracts to state that employees are expected to classify information?

Have you estimated the likelihood that your organization will be exposed to significant security risks and threats? Do your personnel agency contracts define notification procedures that agencies must follow whenever background checks identify doubts or concerns?

Availability of a business continuity process.