Permission to use extracts from ISO was provided by Standards Council of Canada, in cooperation with IHS Canada. No further. Keywords: best practices, information security management, ISO, factor analysis, represent the ten dimensions in ISO were included in the survey. In this paper, a quantitative survey method is proposed for evaluating ISO compliance. Our case study has shown that the survey method gives accurate.


This is essentially the set of security controls. Once you’ve filled all the gaps, you can be assured that you’ve done everything humanly possible to protect your information assets.

Asset Classification and Control Audit. Do your business continuity plans help you to restore services to customers within a reasonable time period? Since our audit questionnaires can be used to identify the gaps that exist between ISO’s security standard and your organization’s security practices, they can also be used to perform a detailed gap analysis.


Does each business continuity plan describe fallback procedures that should be followed to move essential business activities and services to alternative locations?

Is your business continuity management process used to ensure that essential operations are restored as quickly as possible? Do your emergency response procedures ensure that your critical processes will be recovered and restored within the required time limits? For each question, three answers are possible: Updated on April 23, Systems Development and Maintenance Audit. Security Policy Management Audit. Updated on April 29, Have you identified and prioritized your most critical business processes?

Does each business continuity plan specify who owns and is responsible for managing and maintaining the plan? Has your impact analysis identified how much damage your business process interruptions could cause?

ISO IEC 27002 2005

Does each business continuity plan clearly specify who is responsible for executing each part of the plan? Do your background checking procedures define how background checks should be performed?

First published on November 8, Communications and Operations Management 8. Did your senior management endorse your general business continuity strategy?

A quantitative method for ISO gap analysis – Semantic Scholar

Once you’ve identified and filled all of your security gapsyou can be sure that you’ve done everything you can to protect your information systems and facilities.


Information Security Control Objectives. A friendly approach and a dislike of bureaucracy have led to unprecedented growth through referrals from contented clients.

Physical and Environmental Security Audit. In volume it is the main body of the overall ‘standard set’ itself. YES answers identify security practices that are already being followed.

Business Continuity Management Audit.

A quantitative method for ISO 17799 gap analysis

It is the means to measure, monitor and control security management from a top-down perspective. Business Continuity Management Information Security Policy 4.


Does each business continuity plan explain how relations with emergency responders should be managed during an emergency? Have you formulated business objectives and priorities for your information processing facilities?