Permission to use extracts from ISO was provided by Standards Council of Canada, in cooperation with IHS Canada. No further.

Keywords: best practices, information security management, ISO, factor analysis.

Items that represent the ten dimensions in ISO were included in the survey. In this paper, a quantitative survey method is proposed for evaluating ISO compliance. Our case study has shown that the survey method gives accurate.

Author: Shamuro Zujind
Published (Last): 4 December 2011

ISO Information Security Audit Questionnaire

Does each business continuity plan specify who owns and is responsible for managing and maintaining the plan? Do your background checking procedures define why background checks should be performed?

Do your background checking procedures define when background checks may be performed? It shows how we’ve organized our product. Do you use employment contracts to state that employees are expected to classify information?

Do your background checks comply with all relevant information collection and handling legislation? Once you’ve filled all the gaps, you can be assured that you’ve done everything humanly possible to protect your information assets. Availability of a security policy and regulations makes it easier to resolve incidents. Communications and Operations Management 8.


Do you use your business continuity planning framework to determine plan maintenance priorities? Does each business continuity plan clearly specify who is responsible for executing each part of the plan? Have you analyzed the impact that a loss of service could have on your critical business processes? This is essentially the set of security controls: Has your impact analysis identified how much damage your business process interruptions could cause?

An information security ontology incorporating human-behavioural implications. Simon Edward Parkin, Aad P.

Have you documented critical business processes? Do you use employment contracts to explain what employees must do to protect personal information?

Volume of data maintenance can be reduced: once data has been classified, redundant data can be eliminated.

Did your impact analysis include all business processes? In contrast, NO answers point to security practices that need to be implemented and actions that should be taken. System Development and Maintenance. On the Web since May 25, Do you use contractual terms and conditions to define the security restrictions and obligations that control how third-party users will use your assets and access your information systems and services?


Have you estimated the likelihood that your organization will be exposed to significant security risks and threats? Has your impact analysis identified how long it would take to recover from business process interruptions?

Have you developed plans to restore and continue business operations after critical processes have failed or been interrupted?

The emergence of an international standard to support this was, perhaps, inevitable.

ISO/IEC 27002:2005

Have you institutionalized continuity planning? Case studies in Thai Business (Siridech Kumsuprom). This possibly illustrates why risk analysis and security policies are so fundamental to progress with this standard.

We begin with a table of contents. Personnel Security Management Audit. Information Access Control Management Audit. Availability of a business continuity plan. You are, of course, welcome to view our material as often as you wish, free of charge. Have you increased your security through the purchase of suitable insurance?