Welcome to Maxi-Pedia Forum. Maxi-Pedia discussion forum is a free community inviting you to express your ideas and discuss various topics with other contributors.

March 29, 2024, 03:37:41 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Most Recent Posts:
Pages: [1]
  Print  
Author
Topic: 

ISMS Planning before Organization Establishment

 (Read 13598 times)
sni63
Newbie
*
Posts: 4


« on: July 25, 2010, 12:55:13 pm »

Hello my friends

I'm beginner in ISMS

We outsource our ISMS planning for some current projects to a team

Suppose our project is Establishing a new Organization with some features Technical and Management features

The team, say we can not provide any comment on security (include policy, BCP, risk assessment and so on) until your organization (our project) establish completely

Is it true? Can we trust them? How we can evaluate them? and ...

They give us just some general document for example: ISO 27002 Policies, a BCP plan (very general) and Penetration Test methodology, and some table for risk assessment. It is interesting they give us a Threat Modeling document. I think this is related to software engineering but they provide it for ISMS plan. Not surprising?


They said: our information about your project is very low and until is ....
What information really are needed for plan an ISMS? What information about out project we should give them exactly?

Help me, it's thousands of dollars
Logged
Maxi-Pedia Forum
« on: July 25, 2010, 12:55:13 pm »

 Logged
sni63
Newbie
*
Posts: 4


« Reply #1 on: July 26, 2010, 01:20:24 pm »

really nobody?
Are there anyone ever? Huh Undecided
Logged
atari
Full Member
***
Posts: 121


« Reply #2 on: July 29, 2010, 04:22:43 pm »

Sorry, I guess everyone is out on vacation. Smiley We are implementing ISMS too. To plan ISMS, you do not need much. Basically, there is the stuff that helps you and the remaining stuff that is just to formalize it. Everything starts with risk assesment/analysis - you get external consultants who perform a thorought audit and tell you where your problems are (relative to data and information security). You react upon it by furnishing sort of an action plan which ends up in a Statement of Applicability which is a formal document for your stakeholders/management. From that point forward, you take measures to mitigate those risks, and the special thing about ISMS is that you do it in a PDCA cycle way (you plan your measures, then implement them, check feedback/results, take more measures). Hope that helps.

Before you answer your consultants questions, have them sigh confidentiality agreement. In case you are really really concerned about information loss, give them what they ask for, but tell them they can use it while in your office only, no taking it home, no photocopies, no pictures.
Logged
steven
Full Member
***
Posts: 223


« Reply #3 on: July 30, 2010, 02:50:46 pm »

What kind of information exactly are you concerned about? As Atari said, it is not unusual that the initial risk analysis is done by external consultants.
Logged
sni63
Newbie
*
Posts: 4


« Reply #4 on: July 31, 2010, 05:48:15 am »

hello
Thanks for your replies guys

Clearly I want to know for ISMS planning:
What information we should (or must) give them?
What information they should (or must) give us?

thanks so much
Logged
steven
Full Member
***
Posts: 223


« Reply #5 on: August 03, 2010, 12:45:08 pm »

I would not give tham passwords and PINs, but other that that it depends on how well done you want the risk analysis. If you want to have a good risk analysis, you need to provide more info. If you just want to get a piece of paper, then you can fight for not providing any info to the external consultant. But then one might ask why you want to impelement ISMS, of course.
Logged
atari
Full Member
***
Posts: 121


« Reply #6 on: August 11, 2010, 02:01:54 pm »

Agree with Steven. If you want good risk analysis, you will need to open up.
Logged
Maxi-Pedia Forum
   

 Logged
Pages: [1]
  Print  
 
Jump to:  

Page created in 0.078 seconds with 21 queries. (Pretty URLs adds 0s, 0q)