
How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 2

As I mentioned in my previous article, How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 1, having good software solutions to protect information security is not enough to protect your organization’s information; we must also set up physical security controls to protect the equipment. …


How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 1

Most companies today have controls to protect themselves from malicious software (viruses, trojans, etc.), to prevent employees from accessing malicious sites (filtering addresses through proxy servers), or to encrypt information when it is sent or received through email. However, I often find companies that neglect the physical protection of equipment, …


3 strategies to implement any ISO standard

If you’re considering the implementation of ISO 27001, ISO 9001, ISO 14001, ISO 20000, or any other ISO management standard, you’re probably overwhelmed with the various approaches on how to start and finish such a project successfully. In my opinion, there are three basic options to implement these standards: (1) do it …


ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification

One of the most significant changes in the 2013 version of ISO 27001, a worldwide standard for Information Security Management Systems, is that it no longer prescribes any particular approach to risk assessment. While it still requires the adoption of a process-based risk assessment approach (learn more here: ISO 27001 …


ISO 27001 Internal Auditor training – Is it good for my career?

With business processes under constant pressure from management, customers, and other interested parties to protect information exactly as requested, whether by technical specifications, legal requirements, or business objectives, and with the growing complexity and sophistication of operations, the use of audit expertise in information security is becoming a critical point …


The challenging role of the ISO 22301 BCM Manager

The Business Continuity Management (BCM) manager plays a pivotal role in the implementation of a BCM approach. As such, the role faces multiple challenges, from both top management and key process owners within the organization. As BCM is considered to be a cost factor in the first place, proper funding and …


Clear desk and clear screen policy – What does ISO 27001 require?

Imagine this scene: an employee at his desk, in an open-plan office, is reviewing on his notebook some data to prepare a report about the last quarter’s financial results, or the pre-selling performance evaluation of the organization’s newest product. He receives a telephone call from his boss about a quick …


ISO 27001 vs. ITIL: Similarities and differences

IT services are one of the main pathways for information to flow through organizations and their clients and partners. As legal and contractual requirements increasingly include information protection demands (the healthcare industry is one example), these services and their management practices must evolve to adapt to this new scenario. …


Accreditation vs. certification vs. registration in the ISO world

Things with ISO standards can get really complicated: there are many ISO management standards – the most popular ones are ISO 9001, ISO 14001, ISO 27001, ISO 22301, ISO 20000, etc. – and there are a multitude of ways to get accredited/certified/registered related to those standards. But, that’s not all …


Implementing capacity management according to ISO 27001:2013 control A.12.1.3

I’m sure you already know this, but it’s always about meeting agreed SLAs with your customers (internal and/or external) in the most cost-effective manner. Appropriate performance at an acceptable price is the holy grail of any successful business. To run a successful business you need a reasonable business plan, a great understanding of …
