Show me desktop version

How to apply information security controls in teleworking according to ISO 27001

Allowing employees to work away from the office, i.e., outside of the physical premises of the organization (otherwise known as “teleworking”) is becoming a common practice in the way to do business today. The ability to work remotely is seen as both a source of incentive for an employee’s productivity …

Read More ...

Should information security focus on asset protection, compliance, or corporate governance?

Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all, this is what the first (2005) revision of ISO 27001, and its predecessor BS 7799-2, also emphasized. These standards required companies to identify all the assets, and then build the …

Read More ...

Qualitative vs. quantitative risk assessments in information security: Differences and similarities

In the risk assessment process, one common question asked by organizations is whether to go with a quantitative or a qualitative approach. The good news is that by using both approaches you can, in fact, improve your process efficiency towards achieving desired security levels. This article will present the concepts …

Read More ...

Business Continuity Management vs. Information Security vs. IT Disaster Recovery

For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and IT Disaster Recovery (IT DR). All three areas have something to do with “security,” “losses,” “disasters,” and “protection.” Read on to learn more about the particular roles of disciplines often …

Read More ...

Aligning information security with the strategic direction of a company according to ISO 27001

There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term “survival” of an Information Security Management System (ISMS) in a company: this is the requirement from clause 5.1 that says that top management needs to ensure that the information security …

Read More ...

How to manage the security of network services according to ISO 27001 A.13.1.2

Everybody knows that information is stored in information systems (workstations, laptops, smartphones, etc.), but to exchange the information via a network is necessary. Most of the information systems in this world are connected to the same main network – Internet – and, without this network, our society would look pretty …

Read More ...

How to identify ISMS requirements of interested parties in ISO 27001

“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in the movie Forrest Gump describes perfectly why many projects fail: lack of clear requirements. Definition of requirements is so important that, since 2012, all published ISO management systems standards, including …

Read More ...

EU GDPR controller vs. processor – What are the differences?

One of the questions that raised the most doubts in the organizations that I have worked with is: “In the scope of the EU GDPR (European General Data Protection Regulation), what is our responsibility in relation to the personal data that our customers handle in the scope of their business …

Read More ...

How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC)

Information security is only as good as the processes related to it, yet we find many organizations concerned only about whether security features exist and are active in their information systems, and not how they are developed, implemented, maintained, and improved. As a result, many information systems fail to protect …

Read More ...

How two-factor authentication enables compliance with ISO 27001 access controls

Access control is one of the cornerstones of security. If you cannot control who access what, you cannot ensure security at all. Because of that, access control stays in the main focus of security teams and wrongdoers. Today, simple use of passwords, tokens, or biometrics is not enough to prevent …

Read More ...

Enabling communication during disruptive incidents according to ISO 22301

Disasters and disruptive business incidents push people and organizations to their limits, and one of the first impacted elements are communication systems. Depending on incident type and magnitude, increased demand for communication, or communication infrastructure capability reduction, may render communication impossible, adding more confusion to an already chaotic situation. ISO …

Read More ...

Organizational resilience according to ISO 22316 – Is this another buzzword?

Both management systems standards on information security (ISO 27001) and business continuity (ISO 22301), while trying to encompass the whole organization, still lack components and dimensions to holistically protect an enterprise. The concept of resilience expands these approaches and enhances the preparedness and development of organizations. Resilience – What’s this? …

Read More ...

Beyond the BCM Manager: Additional roles to consider during the disruptive incident

A crisis or disaster is something that no organization, regardless of its size, wants to go through. Because of this, many of them adopt business continuity practices, such as Business Continuity Management Systems (BCMS) based on ISO 22301, to minimize the chances of such events occurring and, if they occur, …

Read More ...

What does ISO 27001 Lead Implementer training look like?

The ISMS (Information Security Management System) plays a very important role in every business these days. Since implementation of the ISMS can be a complex process (and usually differs in each industry sector), in order to participate and build this system, a good approach is to learn how to implement …

Read More ...

ISO 27001 & ISO 22301
Free Downloads

 

Upcoming free webinar
Implementing Business Impact Analysis according to ISO 22301
Wednesday - March 29, 2017
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933