Understanding IT disaster recovery according to ISO 27031

Section A.17.1 of Annex A of ISO 27001 has as its objective that an organization shall embed information security continuity in its business continuity management systems. To support that, this section provides controls related to business continuity procedures (BCPs), recovery plans and redundancies. However, like all management system standards, ISO 27001 describes only what …

How to write an easy-to-use BYOD policy compliant with ISO 27001

One would expect that ISO 27001, the leading information security standard, would have strict requirements regarding BYOD. However, you would be surprised – such requirements do not exist, and what’s more, neither BYOD nor Bring Your Own Device is ever mentioned in the standard. BYOD is, of course, unavoidable in …

How to handle access control according to ISO 27001

Access control is usually perceived as a technical activity that has to do with opening accounts, setting passwords, and similar tasks – and it is true: access control does include all these things, but it does not begin as a technical matter. It begins as a business decision. Let's see …

How to make your investment in ISO 27001 profitable

Nothing motivates executives more than profits; so, if you’re proposing your ISO 27001 project to your top management, you should figure out how this project can increase the profit of your company. “But how?” you may be wondering. “Profit cannot be created with this kind of a project; there are …

Applicability of ISO 27001 across industries

People often mistake ISO 27001 for an IT standard, as something that is applicable to the IT industry only. And they are partially right – lots of IT companies are going for ISO 27001 because they see it as good for their businesses. However, this is only half of the story …

Infographic: The brain of an ISO auditor – What to expect at a certification audit

If your company is going for ISO certification (e.g., ISO 9001, ISO 14001, OHSAS 18001, ISO 20000, ISO 22000, ISO 22301, or ISO 27001), you're probably not very happy about it – certification auditors are usually perceived as persons who are not very open minded and who will …

How to use ISO 22301 for the implementation of business continuity in ISO 27001

One of the biggest mysteries in ISO 27001 implementation is the Annex A section A.17, which speaks about business continuity management. How does business continuity relate to information security, and why is it included in ISO 27001? Unfortunately, ISO 27001 does not provide much detail when it comes to business continuity. …

The shortest path to getting ISO 27001 certified as a business

Getting ISO 27001 certified doesn’t mean you can knock on the door of the certification body and ask them to give you a certificate – there are many things you have to prepare in order to get your certificate. It is true that this is a rather complex process, so …

8 Security Practices to Use in Your Employee Training and Awareness Program

This might be hard to believe, but it is true: 59% of data breaches happen not because of some smart hacker who wants to harm your company; those breaches happen because of your own employees. As I've argued in my article How a change in thinking …

How a change in thinking can stop 59% of security incidents

According to Experian's 2015 Second Annual Data Breach Industry Forecast, the largest number of security incidents happen because of human error and malicious insiders: "… the majority of data breaches originate inside company walls. Employees and negligence are the leading cause of security incidents but remain the least reported …

Small business guide to cyber security: 6 steps against the data breach

Lately we’ve seen many large companies getting hacked: Anthem, Sony, and Target to name just a few. The number of data breaches increased 27.5% in 2014, so measures against these types of security incidents are on the rise in large companies. How about small businesses? Do they really stand a …

How to perform business continuity exercising and testing according to ISO 22301

Exercising and testing of business continuity plans is quite a controversial topic – some people say that it costs too much, while others maintain that it has no purpose because they cannot perform the full testing, anyway. Well, both of these might be true, but the fact is: without exercising …

2014 Data Breaches in the United States

Explanation of the basic terminology in ISO standards

Updated 2015-12-11: Number of mandatory clauses

When I deliver various trainings for ISO 27001 and ISO 22301, it always turns out that one of the hottest topics is which policies and procedures need to be documented, and which do not. Of course, there are some other heated discussions as well, …
