• (0)
    ISO-27001-ISO-22301-blog

    All posts by: Dejan Kosutic

    Aligning information security with the strategic direction of a company according to ISO 27001
    There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term...
    There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term “survival” of an Information Security Management System (ISMS) in a company: this is the requirement...
    Where does information security fit into a company?
    Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate...
    Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who...
    4 crucial techniques for convincing your top management about ISO 27001 implementation
    Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to...
    Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to work very hard to convince them. Essentially, you need to have two elements to be...
    How to prepare for an ISO 27001 internal audit
    Many people simply rush in to prepare a checklist and perform the ISO 27001 internal audit – the sooner this “needless”...
    Many people simply rush in to prepare a checklist and perform the ISO 27001 internal audit – the sooner this “needless” job is done, the better. But, such a rush will only create problems, and make...
    How to document roles and responsibilities according to ISO 27001
    Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very...
    Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me...
    What is the ISO 27001 Information Security Policy, and how can you write it yourself?
    Update 2022-04-08. The content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001...
    Update 2022-04-08. The content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001 – very often, the purpose of this document is misunderstood, and in many cases, people...