    ISO-27001-ISO-22301-blog

    All posts by: Rhand Leal

    Qualitative vs. quantitative risk assessments in information security: Differences and similarities
    In the risk assessment process, one common question asked by organizations is whether to go with a quantitative or a qualitative approach. The good news is that by using both approaches you can, in fact,...
    How to identify ISMS requirements of interested parties in ISO 27001
    “If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in the movie Forrest Gump describes perfectly why many projects fail: lack of clear requirements. Definition...
    How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC)
    Information security is only as good as the processes related to it, yet we find many organizations concerned only about whether security features exist and are active in their information systems, and not how they...
    How two-factor authentication enables compliance with ISO 27001 access controls
    Access control is one of the cornerstones of security. If you cannot control who accesses what, you cannot ensure security at all. Because of that, access control stays in the main focus of security teams...
    Enabling communication during disruptive incidents according to ISO 22301
    Disasters and disruptive business incidents push people and organizations to their limits, and among the first impacted elements are communication systems. Depending on incident type and magnitude, increased demand for communication, or communication infrastructure...
    Beyond the BCM Manager: Additional roles to consider during the disruptive incident
    A crisis or disaster is something that no organization, regardless of its size, wants to go through. Because of this, many of them adopt business continuity practices, such as Business Continuity Management Systems (BCMS) based...