Running a business on your own these days is practically impossible. Maintaining high levels of performance in every aspect of your business to stay competitive means draining precious resources that would be better invested in business growth and diversification. Thus, using suppliers becomes an attractive alternative. But, while suppliers are …
Read More ...In the article How to define the ISMS scope we show that scope definition of an Information Security Management System (ISMS) requires clear understanding about what to protect to minimize risks of information compromise, and servers implemented in cloud environments are an extra challenge in this critical step of the …
Read More ...DFARS 7012 is an example of how customers’ concerns about protecting their information in the custody of suppliers and outsourced services has led to the establishment of ever more complex security requirements for those who wish to work with them. And, this increase in customer compliance demands has also increased …
Read More ...The availability of resources is a critical point in any endeavor. You can have the best ideas and the best intentions, but if you lack resources you are doomed to failure. So, it may seem strange that ISO 27001, the leading ISO standard for implementation of Information Security Management Systems, …
Read More ...Allowing employees to work away from the office, i.e., outside of the physical premises of the organization (otherwise known as “teleworking”) is becoming a common practice in the way to do business today. The ability to work remotely is seen as both a source of incentive for an employee’s productivity …
Read More ...In the risk assessment process, one common question asked by organizations is whether to go with a quantitative or a qualitative approach. The good news is that by using both approaches you can, in fact, improve your process efficiency towards achieving desired security levels. This article will present the concepts …
Read More ...“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in the movie Forrest Gump describes perfectly why many projects fail: lack of clear requirements. Definition of requirements is so important that, since 2012, all published ISO management systems standards, including …
Read More ...Information security is only as good as the processes related to it, yet we find many organizations concerned only about whether security features exist and are active in their information systems, and not how they are developed, implemented, maintained, and improved. As a result, many information systems fail to protect …
Read More ...Access control is one of the cornerstones of security. If you cannot control who access what, you cannot ensure security at all. Because of that, access control stays in the main focus of security teams and wrongdoers. Today, simple use of passwords, tokens, or biometrics is not enough to prevent …
Read More ...Disasters and disruptive business incidents push people and organizations to their limits, and one of the first impacted elements are communication systems. Depending on incident type and magnitude, increased demand for communication, or communication infrastructure capability reduction, may render communication impossible, adding more confusion to an already chaotic situation. ISO …
Read More ...A crisis or disaster is something that no organization, regardless of its size, wants to go through. Because of this, many of them adopt business continuity practices, such as Business Continuity Management Systems (BCMS) based on ISO 22301, to minimize the chances of such events occurring and, if they occur, …
Read More ...Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and processes (e.g., stock exchange operators and air traffic controllers). While this is good to improve productivity, a potential side effect is that these few people may end up gathering excessive …
Read More ...With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data of European citizens are rushing to adapt their operations to new requirements to avoid problems with customers and authorities. With respect to cloud infrastructure services, a particular effort may come …
Read More ...Recently, the ISO (International Standardization Organization) updated ISO 9001, ISO 14001, and ISO 27001 to make easier to use them together. But, how do they interact with practices outside the ISO world? How to integrate COSO, COBIT, and ISO 27001 frameworks. This article will present how ISO 27001 can be …
Read More ...
