ISO17799 QUESTIONNAIRE PDF

Permission to use extracts from ISO was provided by Standards Council of Canada, in cooperation with IHS Canada. No further. Keyword: best practices, information security management, ISO , factor analysis, represent the ten dimensions in ISO were included in the survey. In this paper, a quantitative survey method is proposed for evaluating ISO compliance. Our case study has shown that the survey method gives accurate.

Author: Kazralrajas Kajilrajas
Published (Last): 3 March 2014
Pages: 135
ISBN: 823-3-32128-676-3

However, it will not present the complete product. We begin with a table of contents. It shows how we’ve organized our product. In order to illustrate our approach, we also provide an example of our audit questionnaire. The complete product has 10 such questionnaires and is pages long.

The audit questionnaires are used to identify the gaps that exist between the ISO BS Security Standard and your security practices and processes. As a result, our audit tool is also a Gap Analysis Tool. Once you’ve identified and filled all of your security gaps, you can be sure that you’ve done everything you can to protect your information systems and facilities.

Business Continuity Management Audit

Is your business continuity management process used to prevent business disruptions, security failures, and disasters? Is your business continuity management process used to recover from business disruptions, security failures, and disasters? Is your business continuity management process used to identify and reduce risks? Is your business continuity management process used to ensure that essential operations are restored as quickly as possible?

Have you analyzed the impact that disasters could have on your critical business processes? Have you analyzed the impact that security failures could have on your critical business processes?

Have you analyzed the impact that a loss of service could have on your critical business processes? Have you developed contingency plans in order to ensure that critical business processes are restored within a reasonable period of time?

Do you practice implementing your contingency plans? Have you established a process to manage and maintain business continuity throughout your organization? Have you identified and prioritized your most critical business processes?

Have you identified the risks that threaten the security of your business processes? Have you estimated the likelihood that your organization will be exposed to significant security risks and threats? Have you analyzed the impact that interruptions could have on the viability of your business?

Have you found solutions to the security problems that could undermine the viability of your business? Have you increased your security through the purchase of suitable insurance?

Have you formulated business objectives and priorities for your information processing facilities? Have you formulated a business continuity strategy for your information processing facilities? Have you documented your continuity strategy? Is your business continuity strategy consistent with your business objectives and priorities?


Have you formulated business continuity plans for your information processing facilities? Have you documented your business continuity plans? Are your business continuity plans consistent with your business continuity strategy?

Has responsibility for coordinating your continuity management process been assigned to someone at the appropriate level within your organization?

Have you institutionalized continuity management? Have you carried out a threat analysis in order to identify the events that could interrupt your business processes? Did you carry out your threat analysis with the full involvement of process and resource owners?

Did your threat analysis include all business processes? Has your impact analysis identified how much damage business process interruptions could cause? Has your impact analysis identified how long it would take to recover from business process interruptions?

Did you carry out your impact analysis with the full involvement of process and resource owners? Did your impact analysis include all business processes?

Did your senior management endorse your general business continuity strategy? Have you developed plans to restore and continue business operations after critical processes have failed or been interrupted? Do your business continuity plans help you to achieve your business objectives?

Do your business continuity plans help you to restore services to customers within a reasonable time period?

ISO (BS ) Information Security Auditing Tool

Do your business continuity plans identify the resources that will be needed to restore your business processes? Do your business continuity plans identify and assign all emergency management responsibilities? Do your business continuity plans define all necessary emergency response procedures?

Do your emergency response procedures ensure that your critical processes will be recovered and restored within the required time limits?

Do your emergency response procedures accommodate and deal with all external business interdependencies? Do your emergency response procedures respect and reflect all related business contracts? Have you documented emergency response procedures? Have you documented critical business processes?

Do your business continuity plans identify fallback arrangements for information processing facilities? Have you taught your staff members how to use your emergency response procedures?

Have you taught your staff members how your critical business processes will be recovered and restored? Have you taught your staff members about your crisis management methods and procedures? Do you regularly test your business continuity plans? Do you regularly update your business continuity plans? Have you established a single framework of business continuity plans in order to ensure that all plans are consistent with one another?

Do you use your business continuity planning framework to determine plan testing priorities? Do you use your business continuity planning framework to determine plan maintenance priorities? Does each business continuity plan include a maintenance schedule that explains how and when the plan will be tested and maintained?

Do you amend your business continuity plans whenever new security threats or requirements are identified?

ISO Information Security Audit Questionnaire

Does each business continuity plan specify the conditions that must be met before it may be activated? Does each business continuity plan specify the process that must be followed before a plan may be activated? Does each business continuity plan explain how a crisis situation should be assessed before a plan is activated? Does each business continuity plan specify who should be contacted and involved before a plan may be activated?


Does each business continuity plan clearly specify who is responsible for executing each part of the plan? Does each business continuity plan describe the emergency procedures that must be followed and the actions that must be taken to handle security incidents?

Does each business continuity plan explain how relations with the public must be managed during an emergency? Does each business continuity plan explain how relations with governmental agencies and authorities should be managed during an emergency?

Does each business continuity plan explain how relations with emergency responders should be managed during an emergency? Does each business continuity plan describe fallback procedures that should be followed to move essential business activities and services to alternative locations? Does each business continuity plan describe fallback procedures that should be followed to reactivate your business processes within the required time limits?

Does each business continuity plan describe resumption procedures that should be followed to bring your business processes and services back to normal? Does each business continuity plan describe the education and awareness activities that should be carried out to help ensure that staff members understand your business continuity methods and procedures? Does each business continuity plan specify who owns and is responsible for maintaining the plan?

ISO IEC 27002 2005

Have owners of business processes and resources been given the responsibility to manage the implementation of related fallback and business resumption plans? Are owners of business processes and resources responsible for managing the implementation of the emergency response procedures that affect their areas?

Are technical service providers responsible for managing the implementation of alternative technical services and fallback arrangements? Are information service providers responsible for managing the implementation of alternative information processing facilities and fallback arrangements? Are communications service providers responsible for managing the implementation of alternative communications facilities and fallback arrangements?

Updated on April 23. On the Web since May 25.

A quantitative method for ISO 17799 gap analysis

Asset Classification and Control Audit
Personnel Security Management Audit
Physical and Environmental Security Audit
Communications and Operations Management Audit
Information Access Management Control Audit
Systems Development and Maintenance Audit
Legal and Contact Information