Beyond the BCM Manager: Additional roles to consider during the disruptive incident
A crisis or disaster is something that no organization, regardless of its size, wants to go through. Because of this,...
A crisis or disaster is something that no organization, regardless of its size, wants to go through. Because of this, many of them adopt business continuity practices, such as Business Continuity Management Systems (BCMS) based...
Segregation of duties in your ISMS according to ISO 27001 A.6.1.2
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and...
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and processes (e.g., stock exchange operators and air traffic controllers). While this is good to improve...
Data Privacy Protection, ISO 27001 and CISPE Code of Conduct
With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data...
With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data of European citizens are rushing to adapt their operations to new requirements to avoid problems...
How to integrate COSO, COBIT, and ISO 27001 frameworks
Recently, the ISO (International Standardization Organization) updated ISO 9001, ISO 14001, and ISO 27001 to make easier to use them...
Recently, the ISO (International Standardization Organization) updated ISO 9001, ISO 14001, and ISO 27001 to make easier to use them together. But, how do they interact with practices outside the ISO world? How to integrate...
Network segregation in cloud environments according to ISO 27017
In a previous article, I wrote about network segregation considering a physical network structure (see: Requirements to implement network segregation...
In a previous article, I wrote about network segregation considering a physical network structure (see: Requirements to implement network segregation according to ISO 27001 control A.13.1.3), and while the concepts presented there are still valid...
How to use ISO 27017 to manage legal risks related to geographical location
Cloud services are often sold as solutions that can be anywhere and everywhere. All that is necessary is a computer...
Cloud services are often sold as solutions that can be anywhere and everywhere. All that is necessary is a computer and a network connection to work with data, applications, and resources. While from user’s point...