SBS - The best value in QMS software

Security Gap Assessment Methodology based on ISO 27001 or COBIT

S

starlety

#1
#1
Hi guys,

Do any of you have a methodology for security gap assessement that base on 27001 or COBIT ? I have the template for gap analaysis but not on the methodology portion.

Thanks,
 
Standard Work Instruction Software by Dozuki
Elsmar Forum Sponsor
Richard Regalado

Richard Regalado

Trusted Information Resource
#2
#2
starlety said:
Hi guys,

Do any of you have a methodology for security gap assessement that base on 27001 or COBIT ? I have the template for gap analaysis but not on the methodology portion.

Thanks,
Click to expand...
Hi starlety. When I perform gap analysis I used a template based on ISO 27001 and ISO 27002. Basically, I want to know the "gaps", what is in place, what needs to be done. There are organizations who wants to know how they measure up in relation to the requirements of ISO 27001. Still some wants to know how they measure up in relation to the 133 controls.

The methodology I use is based on ISO 19011. Plan for the gap assessment, identify the scope, determine the number of man-days and resources needed, conduct interviews, observe how they do things, verify documentation and records, conduct a closing meeting and submit a report.

Some organizations wants a more technical approach in the gap analysis. For these clients, I have to include either a vulnerability assessment or penetration testing or both.

Cheers!
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M Sample ISO 27001 and 'PCI Security Standard' Gap Analysis Report Other ISO and International Standards and European Regulations 2
_robinsingh Security Risk Assessment Tool IEC 27001 - Information Security Management Systems (ISMS) 0
Richard Regalado Automotive News TISAX - VDA ISA (information security assessment) VDA Standards - Germany's Automotive Standards 5
Marc Security in Health Industry Software - February 2020 IEC 27001 - Information Security Management Systems (ISMS) 0
C Security and access in cGMP facilities Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
A Bookmarking my security protected IEC 60601-1 .pdf file IEC 60601 - Medical Electrical Equipment Safety Standards Series 16
M Informational TGA – Medical device cyber security guidance for industry Medical Device and FDA Regulations and Standards News 0
Z Security for Approvals - Cloud based Complaint, NC, and CAPA systems Qualification and Validation (including 21 CFR Part 11) 8
M How To Define ISMS (information Security Management System) Scope IEC 27001 - Information Security Management Systems (ISMS) 18
R Validation of mobile app and cloud servers for data security IEC 62304 - Medical Device Software Life Cycle Processes 4
S In a risk analysis, how can we tie mobile app security breach to ISO 14971? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
A Integration of Information Security in an existent Integrated Management System IEC 27001 - Information Security Management Systems (ISMS) 4
P Do we need equipment stock control for security company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
Paul Simpson Does Knowledge Management include aspects of Information Security? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
N Anyone working on NIST SP 800-171 (Network and Information Security)? Records and Data - Quality, Legal and Other Evidence 4
R Internal Audit of Information Security and Data Protection Internal Auditing 6
A How to rollout Security Awarness at Project Level in the Organisation IEC 27001 - Information Security Management Systems (ISMS) 1
K ISO/IEC 27000, ISO 15408 and the DSS security clearance (FCL) -- Oh, My IEC 27001 - Information Security Management Systems (ISMS) 0
Sidney Vianna Sector specific Information Security ISO Management System Standards IEC 27001 - Information Security Management Systems (ISMS) 1
R Training in Cyber Security Training - Internal, External, Online and Distance Learning 2
H ISMS (information security management system) Manual ISO27001:2013 Example wanted IEC 27001 - Information Security Management Systems (ISMS) 6
A Creating a policy to evaluate the Third Party Security IEC 27001 - Information Security Management Systems (ISMS) 4
N Computer System Access and Security Procedure example wanted 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
R Medical Device Cyber Security Third Party Review Other US Medical Device Regulations 6
A Medical Device Testing for Airport Security US Food and Drug Administration (FDA) 5
V 510(K) Cyber Security Documentation for Pre-market Submission (Templates) Other US Medical Device Regulations 6
Q ISO 9001 Requirement Dilemma - Security Aspects Quality Management System (QMS) Manuals 14
M Does anyone here have experience implementing PCI DSS (Data Security Standard) IEC 27001 - Information Security Management Systems (ISMS) 10
Richard Regalado 2014 Information Security Breaches Survey by PWC IEC 27001 - Information Security Management Systems (ISMS) 1
Jim Wynne Windows 8.1: No Security Updates Without Update 1 After Work and Weekend Discussion Topics 4
R Security Standard referred to as TAPA (Transported Asset Protection Association) Other ISO and International Standards and European Regulations 1
Colin Objectives Form - Format for Documenting Information Security Objectives IEC 27001 - Information Security Management Systems (ISMS) 2
L Implementing ISO 27001 A12.1.1 Security Requirements Analysis and Specification IEC 27001 - Information Security Management Systems (ISMS) 2
R Who is regulating Security Alarm Codes? Coffee Break and Water Cooler Discussions 8
D Please help for the CISSP (Certified Information Systems Security Professional) Exam Professional Certifications and Degrees 2
AnaMariaVR2 ISO 22322 & ISO 22324 - Societal security ? Emergency Management Other ISO and International Standards and European Regulations 0
L A 6.1.8 Independent review of information security question IEC 27001 - Information Security Management Systems (ISMS) 1
T Has anyone done both Quality and Facility Security Officer (FSO) roles ? Career and Occupation Discussions 8
R ISO 13485 - Security and Control of ERP System ISO 13485:2016 - Medical Device Quality Management Systems 1
B Lessons Learnt template - Information Security Management System Experiences Document Control Systems, Procedures, Forms and Templates 1
M Business Case for ISMS (Information Security Management System) IEC 27001 - Information Security Management Systems (ISMS) 1
D U.S. Department of Commerce, Bureau of Industry and Security survey Various Other Specifications, Standards, and related Requirements 1
Marc Security holes enable attackers to switch off pacemakers World News 3
R ISO 27001 A.8.2.2 Information Security Awareness, Education and Training IEC 27001 - Information Security Management Systems (ISMS) 10
K Effectiveness of ISMS (Information Security Management System) Controls Measurement IEC 27001 - Information Security Management Systems (ISMS) 3
A ISMS (Information Security Management System) Policy vs. Information Security Policy IEC 27001 - Information Security Management Systems (ISMS) 1
T ISMS (Information Security Management System) Task Flow Chart in 'Detail' IEC 27001 - Information Security Management Systems (ISMS) 7
B Property Management and Physical Security Plans Business Continuity & Resiliency Planning (BCRP) 5
T Information System Security (infosec) Incident Form - Looking for samples IEC 27001 - Information Security Management Systems (ISMS) 4
Richard Regalado Information Security Joke on Password Management Funny Stuff - Jokes and Humour 4

Similar threads

Top Bottom