Scribd Logo
Upload

Welcome to Scribd!

  • Iso 27001 2013 - Isms

    Uploaded by

    Hemraj Patel Bhuri
    4 views34 pages
    This document discusses controls listed in a system of application (SOA) and risk register, noting that there should not be any mismatches between controls listed as applicable in the SOA and those identified in the risk register. It provides an example where a control is marked as applicable in the SOA but is not listed in the risk register, indicating a potential risk was not properly identified. The document recommends reviewing the scope if any such mismatches are found between the SOA and risk register.

    Original Description:

    Original Title

    ISO-27001-2013_ISMS

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses controls listed in a system of application (SOA) and risk register, noting that there should not be any mismatches between controls listed as applicable in the SOA and those identified in the risk register. It provides an example where a control is marked as applicable in the SOA but is not listed in the risk register, indicating a potential risk was not properly identified. The document recommends reviewing the scope if any such mismatches are found between the SOA and risk register.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views34 pages

    Iso 27001 2013 - Isms

    Uploaded by

    Hemraj Patel Bhuri
    This document discusses controls listed in a system of application (SOA) and risk register, noting that there should not be any mismatches between controls listed as applicable in the SOA and those identified in the risk register. It provides an example where a control is marked as applicable in the SOA but is not listed in the risk register, indicating a potential risk was not properly identified. The document recommends reviewing the scope if any such mismatches are found between the SOA and risk register.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 34

    every option has a control attached to it. - Control - 6.1.

    3 a
    SOA - All the applicable controls and non applicable controls.

    Risk register - YEs - A 18..1.5 Regulation of


    for eg- 12.2.1 is mentioned in risk register. cyprtographic controls.
    and SOA its not applicable then its a mismatch.
    SOA- no
    Scope must be relooked.
    Review the scope in such scenario

    Fireewall will block unnecessary traffic , EDR,AV/AM


    In SOA - 12.2.1 - YES

    Risk Register - ut tnot there

    Risk is not identified

    Risk is identified but organization is having culture issues

    Eg- LAzy attitude and over confidence.)

    You might also like