CISA vs. ISO 27001 Lead Auditor certification
Rhand Leal
In a previous post, I talked about personal certifications helping the organization to comply with ISO 27001 clause 7.2 (see this...
In a previous post, I talked about personal certifications helping the organization to comply with ISO 27001 clause 7.2 (see this post How personal certificates can help your company’s ISMS). In today’s post, I will show...
Understanding ISO 27001 Language
One of the main rules of good communication is to adjust your speech to the target audience. ISO 27001 has...
One of the main rules of good communication is to adjust your speech to the target audience. ISO 27001 has its own set of terms, useful to leverage the understanding between security practitioners. However, an...
Achieving continual improvement through the use of maturity models
Like any other ISO management system, ISO 27001 has a requirement for continual improvement (clause 10.2). It is like that because...
Like any other ISO management system, ISO 27001 has a requirement for continual improvement (clause 10.2). It is like that because no process, no matter how well established and implemented, compliant with ISO standards or not,...
Special interest groups: A useful resource to support your ISMS
An Information Security Management System (ISMS) is only as good as its ability to keep up with the requirements of...
An Information Security Management System (ISMS) is only as good as its ability to keep up with the requirements of the business and provide adequate protection against the risks the organization is exposed to. To...
How personal certificates can help your company’s ISMS
One of the greatest challenges in managing information security is assuring that people can handle information and execute security activities...
One of the greatest challenges in managing information security is assuring that people can handle information and execute security activities in a proper manner. Unprepared and untrained people can pose a risk to information, and...
Risk appetite and its influence over ISO 27001 implementation
Clause 6.1.2 (a) (1) of ISO 27001:2013 states that an organization must establish and maintain information security risk criteria, and those...
Clause 6.1.2 (a) (1) of ISO 27001:2013 states that an organization must establish and maintain information security risk criteria, and those must include criteria for risk acceptance. Since these criteria have direct influence on how organizational...
