User Account

All Pages

ITEC854 Security Management- Assignment Problem

Assignment Help Other Subject
Reference no: EM132387129

ITEC854 Security Management

"ISO/IEC 27001:2013 ISMS Status,  Statement of Applicability (SoA) and Controls Status (gap analysis) workbook"

Introduction

This spreadsheet is used to record and track the status of your organization as you implement the mandatory and discretionary elements of ISO/IEC 27001.

The main body of ISO/IEC 27001 formally specifies a number of mandatory requirements that must be fulfilled in order for an Information Security Management System (ISMS) to be certified compliant with the standard. All the mandatory requirements for certification concern the management system rather than the information security controls. 

For example, the standard requires management to determine the organization's information security risks, assess them, decide how those risks are to be treated, treat them and monitor them, using the policies and procedures defined in the ISMS.  It does not mandate specific security controls.

However, Annex A to '27001 outlines a suite of information security controls that the management system would typically be used to manage, provided they are in fact applicable to the organization (which depends on its information security risks).  The security controls in Annex A are explained in much more detail in ISO/IEC 27002, and in various other standards, laws, regulations etc.

Instructions

1. Design and implement an ISMS complying with all the mandatory elements specified in the main body of ISO/IEC 27001, using the drop-down selectors on the status column of the mandatory ISMS requirements sheet to track and record its status.

2. Identify and assess the information security risks facing those parts of the organization that are declared in scope for your ISMS, identifying any Annex A controls that are not applicable using the drop-down selectors in the status column of the annex A controls sheet. 

3. Systematically check and record the status of your security risks and controls, updating the status column of Annex A sheet accordingly.

4. Once your ISMS is operating normally, the metrics are looking good and you have amassed sufficient evidence ("records"), it can be formally audited for compliance with '27001 by an accredited certification body.  They will check that your ISMS  fulfills the standard's mandatory requirements, and that your in-scope information security risks are being identified, treated and monitored according to the ISMS policies and procedures.  Thereafter, the spreadsheet should both be maintained i.e. updated when the information security risks or controls change, and periodically reviewed/audited.

History and acknowledgements

Bala Ramanan donated the original ISO/IEC 27001:2005 version of the 27001 requirements worksheet.   Joel Cort added the SoA worksheet.  Gary Hinson hacked it about for publication in the ISO27k Toolkit

Ed Hodgson updated the workbook for ISO/IEC 27001:2013.  Gary Hinson fiddled with the wording and formatting, splitting out the metrics and creating a simpler, generic version for the ISO27k Toolkit.

Attachment:- Requirement.rar

Reference no: EM132387129

Questions Cloud

Why is it so hard for the homeless : Why is it so hard for the homeless to find services or support to be able to get off the streets?
Make of kane claim that masculinity : Emily Kane's essay stresses that many parents think much of their work with their children is to "accomplish" gender in them.
CS 553 Client-Server Architectures Assignment Problem : CS 453/CS 553 - Client/Server Architectures Assignment, Homework Help - The University of Alabama in Huntsville, USA - Write small socket program
Cannon-bard theory and the james-lange theory : Distinguish between the Cannon-Bard Theory and the James-Lange Theory and show how you would apply any one in an organization of your choice.
ITEC854 Security Management- Assignment Problem : ITEC854 Security Management Assignment Help and Solutions- Macquarie University, Sydney-Design and implement an ISMS complying with all the mandatory elements.
Do you believe it continues to be essential to study : Do you believe it continues to be essential to study diversity?
Interlocking structures of oppression : Patricia Hill Collins refers to race, class, gender, etc. as "interlocking structures of oppression." Implied in that statement is that while some are oppressed
Describe family dynamics from the functionalist : Describe your family dynamics from the functionalist, conflict, and symbolic interactionist perspectives.
Discuss the ways in which these two levels differ and merge : Discuss the ways in which these two levels differ and merge. When working in the profession, when might it be necessary to utilize both simultaneously?

Reviews

Write a Review

Other Subject Questions & Answers

  Cross-cultural opportunities and conflicts in canada

Short Paper on Cross-cultural Opportunities and Conflicts in Canada.

  Sociology theory questions

Sociology are very fundamental in nature. Role strain and role constraint speak about the duties and responsibilities of the roles of people in society or in a group. A short theory about Darwin and Moths is also answered.

  A book review on unfaithful angels

This review will help the reader understand the social work profession through different concepts giving the glimpse of why the social work profession might have drifted away from its original purpose of serving the poor.

  Disorder paper: schizophrenia

Schizophrenia does not really have just one single cause. It is a possibility that this disorder could be inherited but not all doctors are sure.

  Individual assignment: two models handout and rubric

Individual Assignment : Two Models Handout and Rubric,    This paper will allow you to understand and evaluate two vastly different organizational models and to effectively communicate their differences.

  Developing strategic intent for toyota

The following report includes the description about the organization, its strategies, industry analysis in which it operates and its position in the industry.

  Gasoline powered passenger vehicles

In this study, we examine how gasoline price volatility and income of the consumers impacts consumer's demand for gasoline.

  An aspect of poverty in canada

Economics thesis undergrad 4th year paper to write. it should be about 22 pages in length, literature review, economic analysis and then data or cost benefit analysis.

  Ngn customer satisfaction qos indicator for 3g services

The paper aims to highlight the global trends in countries and regions where 3G has already been introduced and propose an implementation plan to the telecom operators of developing countries.

  Prepare a power point presentation

Prepare the power point presentation for the case: Santa Fe Independent School District

  Information literacy is important in this environment

Information literacy is critically important in this contemporary environment

  Associative property of multiplication

Write a definition for associative property of multiplication.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd