Country
Although digital information has become the generally accepted standard for handling information, there might be situations where organizations still use paper-based information, and this documentation also must be protected according to its sensitivity and importance to the business. While it may be perceived more as a standard related to digital …
Read More ...No environment can be 100% secure. Problems (which can be broadly described as “occurrences” or “deviations”) will happen, but not all problems need to be treated the same way, and this can have a significant impact on the effort, and costs, of security management. This article will present three concepts …
Read More ...Very often, an ISO 27001 implementation project is a multi-level and multidisciplinary endeavor, where personnel involved have different roles and responsibilities as the project progresses. To help clarify and control personnel involvement, many projects make use of the RACI matrix, and in this article, we’ll show one example of how to …
Read More ...In the wake of the increasing concerns over privacy protection, the U.S. state of California passed a new regulation at the end of June of this year to ensure the protection of Californian consumers. Coming into force by January 1, 2020, this law requires new levels of commitment by organizations …
Read More ...As relationships between people and organizations evolve, it is natural for work situations to change. Concluded contracts lead to termination of employment relationships, and opportunities or gaps in roles or functions lead people to relocate to new positions. While organizations normally have processes to accommodate people in these new situations, …
Read More ...Since the release of the 2013 revision of ISO 27001, its clause 4.1 requiring the identification of the organizational context has been causing quite some confusion, because it is rather vague. What must you consider for information security to help achieve business objectives? To cover this topic, ISO 27001, the …
Read More ...A good way to ensure that people are aware of their roles and responsibilities in an organization is by defining policies and procedures to be followed. But this solution has a limitation: they only cover the people who are already working for the organization and have access to information. What …
Read More ...Businesses are full of risks, and organizations should do their best to identify, evaluate, and treat all of them – or at least the most relevant ones. This is called risk management, which can vary from subconscious decisions to fully aware choices based on complex methodologies and data arrangements. But, …
Read More ...“The human factor is the weakest link in the security.” How many times have we already heard this sentence? How many stories have we already heard about security incidents caused by human failure or inaction? In an effort to minimize this situation, organizations all around the world have been working …
Read More ...In a connected world where hundreds of transactions are made every minute, every second your systems are down or inaccessible may represent a significant impact on your organizations’ business. And, while prevention of infrastructure failures is an immediate and obvious concern for decision makers, a more subtle and insidious threat …
Read More ...A number of high-profile corporate and accounting scandals collapsed several big players like Enron and WorldCom, and played havoc on global investment market. In the wake of these scandals, U.S. SOX law was introduced to restore public confidence of financial information released by public organizations. The laws required new levels …
Read More ...Released at the beginning of April 2017 by BSI (the British Standards Institution), the standard BS EN ISO/IEC 27001:2017 is a corrigendum over previous standard BS ISO/IEC 27001:2013. It has raised some concern among organizations with Information Security Management Systems certified against ISO 27001, the leading ISO standard for information …
Read More ...To focus on their core business, many organizations rely on outsourced suppliers to perform support processes. While this approach may bring benefits like costs savings, and access to expert knowledge and state-of-the-art technology, it can also involve risks related to loss of control over how these processes are performed and …
Read More ...In the Internet environment, big, medium, and small businesses all face similar risks, and many regulatory demands enforce information protection, but differences in resources and knowledge often result in data breaches because of the failure to implement basic security measures. To help handle such situations, the government in the United …
Read More ...
