Permission to use extracts from ISO 17799 was provided by the Standards Council of Canada, in cooperation with IHS Canada. No further reproduction is permitted. Keywords: best practices, information security management, ISO 17799, factor analysis. Survey items representing the ten dimensions of ISO 17799 were included in the survey. In this paper, a quantitative survey method is proposed for evaluating ISO 17799 compliance. Our case study has shown that the survey method gives accurate results.


Availability of a business continuity process. Outline of the audit process. Related work: Structured Risk Analysis (Neil A.).

Do your emergency response procedures respect and reflect all related business contracts?

Does each business continuity plan explain how a crisis situation is to be assessed before a plan is activated? Do your business continuity plans identify the resources that will be needed to restore your business processes?

Sound information security is the cornerstone of sensible corporate governance. Have you taught your staff members how to use your emergency response procedures? Does each business continuity plan clearly specify who is responsible for executing each part of the plan?

ISO 17799 (BS 7799) Information Security Auditing Tool

Do you use your business continuity planning framework to determine plan maintenance priorities? Have you analyzed the impact that a loss of service could have on your critical business processes?

Are information service providers responsible for managing the implementation of alternative information processing facilities and fallback arrangements? Are your business continuity plans consistent with your business continuity strategy? Does each business continuity plan describe the emergency procedures that must be followed and the actions that must be taken to handle security incidents?

Are technical service providers responsible for managing the implementation of alternative technical services and fallback arrangements? Did your senior management endorse your general business continuity strategy?


Have you documented critical business processes?

ISO/IEC 27002:2005

Do you use your business continuity planning framework to determine plan testing priorities? Have you developed contingency plans in order to ensure that critical business processes are restored within a reasonable period of time? The six steps are: (1) define a security policy; (2) define the scope of the ISMS; (3) undertake a risk assessment; (4) manage the risk; (5) select control objectives and controls to be implemented; (6) prepare a statement of applicability.

Do you use employment contracts to explain what employees must do to protect personal information? Do your personnel agency contracts define notification procedures that agencies must follow whenever background checks identify doubts or concerns? In contrast, NO answers point to security practices that need to be implemented and actions that should be taken. Once you have identified and filled all of your security gaps, you can be sure that you have done everything you can to protect your information systems and facilities.

Once you have filled all the gaps, you can be assured that you have done everything humanly possible to protect your information assets.

The audit questionnaires are used to identify the gaps that exist between the ISO 17799 (BS 7799) security standard and your security practices and processes. Have owners of business processes and resources been given the responsibility to manage the implementation of related fallback and business resumption plans? Have you documented your business continuity plans? Does each business continuity plan clearly specify the conditions that must be met before it is activated?

Have you established a single framework of business continuity plans in order to ensure that all plans are consistent with one another? This part does not reproduce the full audit tool. Instead, it shows how our information security audit tool is organized and introduces our approach. Have you established a process to manage and maintain business continuity throughout your organization?


Physical and Environmental Security Audit. Personnel Security Management Audit. YES answers identify security practices that are already being followed.

Do you use employment contracts to state that employees are expected to classify information?

Part 2 essentially explains how to apply ISO 17799, and it is this part that organizations can currently be certified against. Communications and Operations Management Audit. It is the means to measure, monitor and control security management from a top-down perspective.

A quantitative method for ISO 17799 gap analysis

In order to illustrate our approach, we also provide an example of our audit questionnaire. Does each business continuity plan describe the process that must be followed before a plan may be activated?

Do you amend your business continuity plans whenever new security threats or requirements are identified? As a result, our audit tool is also a gap analysis tool. Part 2 (BS 7799-2) defines a six-part process, roughly as follows. Do you use contractual terms and conditions to define the security restrictions and obligations that control how employees will use your assets and access your information systems and services?

Does each business continuity plan describe fallback procedures that should be followed to move essential business activities and services to alternative locations?

A quantitative method for ISO 17799 gap analysis (Semantic Scholar)

System Development and Maintenance Audit. This paper has 30 citations. We begin with a table of contents. Have you taught your staff members how your critical business processes will be recovered and restored?