Hello, I'm a student at UAT and am attempting to find out what the best way would be to implement the ISO 27001 framework from the ground up. Has anyone here set it up from nothing, and what recommendations do you have for starting this up?
Can a company do an ISO 17799/27001 certification in-house, or does it require a third party to come in and do it? What about after that - are recertifications required, or can that be done in-house with an internal auditor?