Show me desktop version
CALL US +1 (646) 759 9933

How can ISO 27001 and ISO 22301 help with critical infrastructure protection?

The European Council Directive 2008/114/EC of December 8, 2008, is a European Directive for the identification and designation of critical European infrastructures and the assessment of the need to improve their protection. It states: Critical infrastructure means an asset, system or part thereof … which is essential for the maintenance …

Read More ...

How to use Scrum for the ISO 27001 implementation project

Scrum is a framework, based on the Agile method, mainly used in software development. Originally, it was developed for complex product development, and there are many companies in the world that currently use this framework for various projects. Due to the three basic pillars of Scrum (i.e., transparency, inspection, and …

Read More ...

How to manage the security of network services according to ISO 27001 A.13.1.2

Everybody knows that information is stored in information systems (workstations, laptops, smartphones, etc.), but to exchange the information via a network is necessary. Most of the information systems in this world are connected to the same main network – Internet – and, without this network, our society would look pretty …

Read More ...

How ISO 27001 and ISO 27799 complement each other in health organizations

More and more hospitals are interested in protecting their patient information, but they see ISO 27001 as not being specific enough. Although it covers many general aspects about information security, you can integrate it with other standards to cover specific aspects – for example, ISO 27799 for the protection of personal …

Read More ...

How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 2

As I mentioned in my previous article How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 1, having good solution software to protect the information security is not enough to protect your organization’s information; we must also set up physical security controls to protect the equipment. …

Read More ...

How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 1

Most of the companies today have controls to protect themselves from malicious software (viruses, trojans, etc.), to prevent employees from accessing malicious sites (filtering addresses through proxy servers), or to encrypt information when it is sent/received through email. However, I often find companies that neglect the physical protection of equipment, …

Read More ...

Implementing restrictions on software installation using ISO 27001 control A.12.6.2

Currently, in all companies around the world, it is necessary to install software (operating systems, office applications, financial applications, applications development, etc.). But, in general, the installation of this software is not sufficiently controlled, which can lead to certain risks. ISO 27001:2013 can help these companies with the implementation of an Information …

Read More ...

How to use penetration testing for ISO 27001 A.12.6.1

A famous historical hacker, Kevin Mitnick, said on one occasion: “I get hired by companies to hack into their systems and break into their physical facilities to find security holes. Our success rate is 100%; we have always found a hole.” So, probably the question now on your mind is …

Read More ...

How to use the cryptography according to ISO 27001 control A.10

Today, information travels constantly from one part of the world to another through email, online transactions, USB flash drives, and external hard drives. Outside the facilities of the organization, the information is in many places, such as ISP servers, routers, switches, external suppliers, carries and more, before arriving at its …

Read More ...

Logging and monitoring according to ISO 27001 A.12.4

It’s easy in “peaceful” times, but when security incidents arise – you need to start from somewhere. And you need to start by finding out what exactly has happened, where, who caused the incident, etc. This is why logs are needed, and you need to monitor them – this is …

Read More ...

How to handle incidents according to ISO 27001 A.16

One of the issues that most concern managers of an organization is that their employees (although employees are not the only source of incidents, but also clients, providers, etc.) be able to work without any incident. However, this is practically impossible, because the people are not perfect, and therefore neither …

Read More ...

How to manage changes in an ISMS according to ISO 27001 A.12.1.2

Changes are necessary in the information technology sector, mainly because every so often it is necessary to update servers, systems, etc. But risks (seen from an information security point of view) arise when changes are performed in an uncontrolled way, i.e., confidentiality, integrity, and availability of systems, applications, information… could …

Read More ...

ISO 27001 vs. ISO 27032 cybersecurity standard

There are many standards in the ISO 27001 series, all related to security.  You probably don’t know much about ISO 27032:2012 because it is not as well-known as ISO 27001, ISO 27002, or ISO 22301, but it is near you, because it has to do with a place that you …

Read More ...

Which questions will the ISO 27001 certification auditor ask?

If you’re going to go through the process of an ISO 27001 certification audit in your company, surely you have wondered – What will the auditor ask me? And you know what? The auditor also has questions for himself, for example: What type of answers I will receive? Most auditors …

Read More ...
FREE ISO 27001/22301 CONSULTATION
Dejan Kosutic
Lead ISO 27001/22301 Expert, Advisera

GET FREE ADVICE

ISO 27001 & ISO 22301
Free Downloads

 

Upcoming free webinar
How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301
Wednesday - January 17, 2018

OUR CLIENTS

OUR PARTNERS

  • Exemplar Global (formerly RABQSA) is leading international authority in certification of training providers.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933