Top 10 information security bloggers in 2014
Dejan Kosutic
If you want to stay on top of cybersecurity / information security news and insights, here are the blogs that...
If you want to stay on top of cybersecurity / information security news and insights, here are the blogs that I found the most useful. I listed here only the blogs written by independent authors...
Who should be your project manager for ISO 27001/ISO 22301?
If you’re planning to start your ISO 27001 and/or ISO 22301 project, you’re probably wondering who could lead such a...
If you’re planning to start your ISO 27001 and/or ISO 22301 project, you’re probably wondering who could lead such a complex project – what type of person do you need, with which authorities, and should...
Records management in ISO 27001 and ISO 22301
In the beginning of ISO 27001 or ISO 22301 implementation, records might seem like one of those bureaucratic requirements of these standards...
In the beginning of ISO 27001 or ISO 22301 implementation, records might seem like one of those bureaucratic requirements of these standards with no real purpose, and that will only take up your time. However, chances are...
Will a piece of paper stop the attackers?
There are many skeptics who do not believe ISO 27001 can help protect their information and/or information systems; one of...
There are many skeptics who do not believe ISO 27001 can help protect their information and/or information systems; one of their main arguments is: “Writing a policy or a procedure surely won’t help against someone...
How to structure the documents for ISO 27001 Annex A controls
Updated: April 19, 2023, according to the ISO 27001 2022 revision. Once you’ve finished your risk assessment and treatment, it...
Updated: April 19, 2023, according to the ISO 27001 2022 revision. Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to...
How to create a Communication Plan according to ISO 27001
Jean-Luc Allard
Communicating is a key activity for any human being. This is also the case for an organization. It helps through...
Communicating is a key activity for any human being. This is also the case for an organization. It helps through exchanging the most correct information to the best audience and at the best moment. It...
How personal certificates can help your company’s ISMS
Rhand Leal
One of the greatest challenges in managing information security is assuring that people can handle information and execute security activities...
One of the greatest challenges in managing information security is assuring that people can handle information and execute security activities in a proper manner. Unprepared and untrained people can pose a risk to information, and...
List of free ISO 27001 and ISO 22301 resources
As you probably noticed, we recently launched the redesigned 27001Academy website; what you may not have noticed are all the...
As you probably noticed, we recently launched the redesigned 27001Academy website; what you may not have noticed are all the free resources we offer on the website. Here they are: Basic explanation of ISO 27001 and...
How detailed should the ISO 27001 documents be?
When starting to write a policy or a procedure, you’re probably puzzled as to how lengthy it should be. And...
When starting to write a policy or a procedure, you’re probably puzzled as to how lengthy it should be. And the truth is, ISO 27001 (as well as other ISO standards like ISO 20000, ISO 9001, ISO...
Risk appetite and its influence over ISO 27001 implementation
Clause 6.1.2 (a) (1) of ISO 27001:2013 states that an organization must establish and maintain information security risk criteria, and those...
Clause 6.1.2 (a) (1) of ISO 27001:2013 states that an organization must establish and maintain information security risk criteria, and those must include criteria for risk acceptance. Since these criteria have direct influence on how organizational...
8 criteria to decide which ISO 27001 policies and procedures to write
If you’re just starting to implement ISO 27001 in your company, you’re probably in a dilemma as to how many documents you...
If you’re just starting to implement ISO 27001 in your company, you’re probably in a dilemma as to how many documents you need to have, and whether to write certain policies and procedures or not. Criteria for...
How to become an ISO 27001 / ISO 22301 consultant
If you are thinking about a career change, becoming an independent consultant for ISO 27001 and/or ISO 22301 certainly sounds like an...
If you are thinking about a career change, becoming an independent consultant for ISO 27001 and/or ISO 22301 certainly sounds like an attractive option. But what do you need to know, and what do you need to...
How to maintain the ISMS after the certification
If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with...
If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start?...
6-step process for handling supplier security according to ISO 27001
Updated: March 22, 2023, according to the ISO 27001 2022 revision. Since more and more data is being processed and...
Updated: March 22, 2023, according to the ISO 27001 2022 revision. Since more and more data is being processed and stored with third parties, the protection of such data is becoming an increasingly significant issue...
Lead Auditor Course vs. Lead Implementer Course – Which one to go for?
If you are just entering the world of ISO 27001 or ISO 22301, you’re probably considering going for some training....
If you are just entering the world of ISO 27001 or ISO 22301, you’re probably considering going for some training. This is certainly a good idea; however, which course is better for you – Lead...
