Top 10 information security bloggers in 2014

If you want to stay on top of cybersecurity / information security news and insights, here are the blogs that I found the most useful. I listed here only the blogs written by independent authors (blogs that were not edited by an editorial team), and I listed them in alphabetical …

Risk assessment vs. internal audit in ISO 27001 and ISO 22301

Quite often I see people searching for ISO 27001 or ISO 22301 checklists for performing the internal audit; however, they expect those checklists to help them with, e.g., which information does the organization have, who has access to it, how is it protected, how confidential is it, etc. The problem is – …

Who should be your project manager for ISO 27001/ISO 22301?

If you’re planning to start your ISO 27001 and/or ISO 22301 project, you’re probably wondering who could lead such a complex project – what type of person do you need, with which authorities, and should you go with someone in-house or someone from the outside? First of all, don’t even …

Records management in ISO 27001 and ISO 22301

At the beginning of ISO 27001 or ISO 22301 implementation, records might seem like one of those bureaucratic requirements of these standards with no real purpose, and that will only take up your time. However, chances are you already have many records that can be used, and the ones you’ll have to …

Will a piece of paper stop the attackers?

There are many skeptics who do not believe ISO 27001 can help protect their information and/or information systems; one of their main arguments is: “Writing a policy or a procedure surely won’t help against someone who wants to steal your information.” And I agree with them – simply writing a …

How to structure the documents for ISO 27001 Annex A controls

Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to ISO 27001 Annex A. But, which documents should you write? How do you structure them? Which one do you begin with? Here’s what I found to be …

When to use tools for ISO 27001/ISO 22301 and when to avoid them

If you’re starting to implement complex standards like ISO 27001 or ISO 22301, you’re probably looking for a way to make your job easier. Who wouldn’t? After all, reinventing the wheel doesn’t sound like a very interesting job. So, you start looking for some tool to help you with these information …

List of free ISO 27001 and ISO 22301 resources

As you probably noticed, we recently launched the redesigned 27001Academy website; what you may not have noticed are all the free resources we offer on the website. Here they are: Basic explanation of ISO 27001 and ISO 22301: Simple explanation of these standards that provides a foundation for further learning. Ideal …

How detailed should the ISO 27001 documents be?

When starting to write a policy or a procedure, you’re probably puzzled as to how lengthy it should be. And the truth is, ISO 27001 (as well as other ISO standards like ISO 20000, ISO 9001, ISO 14001 and others) are very flexible in this respect. They basically allow you the freedom to …

8 criteria to decide which ISO 27001 policies and procedures to write

If you’re just starting to implement ISO 27001 in your company, you’re probably in a dilemma as to how many documents you need to have, and whether to write certain policies and procedures or not. Criteria for deciding what to document Well, the first step is easy – you need to check …

How to become an ISO 27001 / ISO 22301 consultant

If you are thinking about a career change, becoming an independent consultant for ISO 27001 and/or ISO 22301 certainly sounds like an attractive option. But what do you need to know, and what do you need to have to start your own consultancy? Focus on ISO 27001 or ISO 22301? In my …

How to maintain the ISMS after the certification

If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start? The good news is that you already have all the directions in your documentation, but …

6-step process for handling supplier security according to ISO 27001

Since more and more data is being processed and stored with third parties, the protection of such data is becoming an increasingly significant issue for information security professionals – it’s no wonder that the new 2013 revision of ISO 27001 has dedicated one whole section of Annex A to this …

Lead Auditor Course vs. Lead Implementer Course – Which one to go for?

If you are just entering the world of ISO 27001 or ISO 22301, you’re probably considering going for some training. This is certainly a good idea; however, which course is better for you – Lead Auditor Course, or Lead Implementer Course? Everything you’ll read in this article is valid not …
