CALL US 1-888-553-2256

Secure equipment and media disposal according to ISO 27001

Think about the following scenarios: Printed documents (e.g., budget drafts, or client’s refused proposals) are no longer needed and used as scratch paper, or accumulated in waiting areas for removal. Defective equipment (e.g., CEO’s tablet, or project team’s notebooks) being discarded by maintenance staff, put directly in the trash, or sold as …

Read More ...

Using ITIL to implement ISO 27001 incident management

Incident management is one of the key processes to ensure the effectiveness of any business operation. With more or less sophistication and maturity, practically any organization has practices in place to deal with undesired events, and some of these were so commonplace that they became industry good practices and the …

Read More ...

Requirements to implement network segregation according to ISO 27001 control A.13.1.3

Think about a house, or office, with only one big space where you can arrange all your loved and precious things the way you think most appropriate. Tempting, isn´t it? The flexibility to use the space and ease of seeing everything right away seems like a big deal. Now, imagine …

Read More ...

ISO 27001 project management: Implementing complex security controls using Work Breakdown Structure (WBS)

What do diverse situations like the Battle of Trafalgar (1805), the Cooley–Tukey FFT algorithm (1965), and the multi-sided market competition have in common? They are all examples of big or complex problems divided into smaller and more manageable pieces to reach a winning solution. This is a strategy called “Divide …

Read More ...

How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1

You have certainly already heard, or lived, this scenario: it is a normal day and the systems are working fine, when suddenly they slow down for no apparent reason or simply stop. User support starts to receive dozens of calls, and the IT staff works hard for hours to put …

Read More ...

How to implement integrated management systems

Recently, we saw the release of new versions of two of the best-known ISO standards: ISO 9001 (requirements for Quality Management Systems) and ISO 14001 (requirements for Environmental Management Systems). Like ISO 22301 and ISO 27001:2013, these standards follow a similar structure, based on Annex SL, Appendix 2 of ISO/IEC Directives (for more …

Read More ...

How to perform monitoring and measurement in ISO 27001

Performance monitoring and measurement are key actions in the maintenance and improvement of any system. (See this article for more information: Achieving continual improvement through the use of maturity models.) ISO 27001 recognizes their importance in clause 9.1 (Monitoring, measurement, analysis and evaluation), defining requirements to be observed when implementing such …

Read More ...

ISO 27001 Certification: What’s next after receiving the audit report?

For those who already run a management system, like an ISMS based on ISO 27001, the certification audit event is already known: the auditor arrives, performs the audit opening, evaluates processes and records, states the result, and elaborates the audit report, closing this phase of the audit process. However, why did …

Read More ...

CISA vs. ISO 27001 Lead Auditor certification

In a previous post, I talked about personal certifications helping the organization to comply with ISO 27001 clause 7.2 (see this post How personal certificates can help your company’s ISMS). In today’s post, I will show you two specific personal certifications (CISA and ISO 27001 Lead Auditor) and how they can …

Read More ...

Understanding ISO 27001 Language

One of the main rules of good communication is to adjust your speech to the target audience. ISO 27001 has its own set of terms, useful to leverage the understanding between security practitioners. However, an organization is more than its security personnel. Top management, middle management, line workers, clients, and many …

Read More ...

Achieving continual improvement through the use of maturity models

Like any other ISO management system, ISO 27001 has a requirement for continual improvement (clause 10.2). It is like that because no process, no matter how well established and implemented, compliant with ISO standards or not, can maintain high levels of performance without continuously making adjustments to adapt to scenario changes. …

Read More ...

Special interest groups: A useful resource to support your ISMS

An Information Security Management System (ISMS) is only as good as its ability to keep up with the requirements of the business and provide adequate protection against the risks the organization is exposed to. To accomplish this, information about the environment must be evaluated constantly, but who will do this? …

Read More ...

How personal certificates can help your company’s ISMS

One of the greatest challenges in managing information security is assuring that people can handle information and execute security activities in a proper manner. Unprepared and untrained people can pose a risk to information, and to business, and they are as dangerous as any other known threats. ISO 27001 requirements …

Read More ...

Risk appetite and its influence over ISO 27001 implementation

Clause 6.1.2 (a) (1) of ISO 27001:2013 states that an organization must establish and maintain information security risk criteria, and those must include criteria for risk acceptance. Since these criteria have direct influence on how organizational risks are treated, defining them is critical to make ISO 27001 add value to the …

Read More ...

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.