ISO-27001-ISO-22301-blog

All posts by: Dejan Kosutic

Aligning information security with the strategic direction of a company according to ISO 27001
Advisera Dejan Kosutic Dejan Kosutic
February 20, 2017
Blog
There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term...
There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term “survival” of an Information Security Management System (ISMS) in a company: this is the requirement...
read more
Where does information security fit into a company?
Advisera Dejan Kosutic Dejan Kosutic
October 24, 2016
Blog
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate...
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who...
read more
4 crucial techniques for convincing your top management about ISO 27001 implementation
Advisera Dejan Kosutic Dejan Kosutic
September 12, 2016
Blog
Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to...
Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to work very hard to convince them. Essentially, you need to have two elements to be...
read more
How to prepare for an ISO 27001 internal audit
Advisera Dejan Kosutic Dejan Kosutic
July 11, 2016
Blog
Many people simply rush in to prepare a checklist and perform the ISO 27001 internal audit – the sooner this “needless”...
Many people simply rush in to prepare a checklist and perform the ISO 27001 internal audit – the sooner this “needless” job is done, the better. But, such a rush will only create problems, and make...
read more
How to document roles and responsibilities according to ISO 27001
Advisera Dejan Kosutic Dejan Kosutic
June 20, 2016
Blog
Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very...
Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me...
read more
What is the ISO 27001 Information Security Policy, and how can you write it yourself?
Advisera Dejan Kosutic Dejan Kosutic
May 30, 2016
Blog
Update 2022-04-08. The content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001...
Update 2022-04-08. The content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001 – very often, the purpose of this document is misunderstood, and in many cases, people...
read more
Related Products
Conformio
ISO 27001 Compliance Software
Learn more
ISO 27001 Premium Documentation Toolkit
All Policies, Procedures, and Records
Learn more
ISO 27001 Lead Auditor Course
Accredited Online Training by Top Experts
Enroll now
Upcoming free webinar
Advisera Dejan Kosutic
Presenter
Dejan Kosutic
How to Sell ISO Consulting Services
Wednesday – July 05, 2023
Register now
Suggested reading
ISO 27001 2013 vs. 2022 revision – What has changed?
Advisera Dejan Kosutic Dejan Kosutic
October 25, 2022
ISO 27001 and ISO 27002 are being updated during 2022, so there is...
read more
Understanding ISO 27001 Language
Advisera Rhand Leal Rhand Leal
April 20, 2015
One of the main rules of good communication is to adjust your speech...
read more
How to perform training & awareness for ISO 27001 and ISO 22301
Advisera Dejan Kosutic Dejan Kosutic
May 19, 2014
Most of the information security/business continuity practitioners I speak with have the same...
read more

Security Awareness Training

Protect your company’s most valuable information.
Start now