ISO 22301 vs. BS 25999-2 – An Infographic
A new business continuity standard (ISO 22301) was published very recently, so I’ve decided to compare this new standard with the old BS 25999-2 standard. Feel free to add comments below!
Top 10 information security blogs
There is a huge amount of information about information security on the Internet, so it is really difficult to stay informed about really relevant stuff. This is why I made this list – I wanted...
The documentation myth – Why the templates are not enough?
I noticed that many people running ISO 27001 projects who have downloaded documentation templates think “I have the templates now – the rest is easy. I’ll write a few documents, show them to the auditor, and...
ISO 27001 control objectives – Why are they important?
Note: this article was updated according to the 2013 version of ISO 27001. Peter Drucker (one of the most influential thinkers on the subject of management theory) said “What gets measured gets managed”. The same goes...
Lessons learned from ISO 27001 implementation
Many readers of this blog asked me to present a real-life experience of ISO 27001 implementation in a company. Since I would be too subjective if I started writing my own impressions, I decided to...
Do you really need a consultant for ISO 27001 / BS 25999 implementation?
I’ve met quite a few companies considering how to start their ISO 27001 / BS 25999 project, with quite different approaches – some are convinced they can do it completely on their own (with no...
What is cybersecurity and how can ISO 27001 help?
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but at least the general idea is pretty much the same. However, when it comes to...
Activation procedures for business continuity plan
Having a business continuity plan is nice, but if you don’t know when and how to start using it, the money you’ve invested in it was spent in vain. Even worse, you’ll likely lose quite...
How to deal with insider threats?
“Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this quite often when speaking to my clients about which security controls they should apply. And...
Is it possible to calculate the Return on Security Investment (ROSI)?
If you are an information security or business continuity professional, then you’re probably aware of the most difficult part of your job: to convince your management that investment in information security/business continuity makes sense. Traditionally,...
Cloud computing and ISO 27001 / BS 25999
More and more often people ask me how to deal with cloud computing in the context of ISO 27001 and BS 25999. My answer is: use common sense. Their dilemma is quite understandable – these...
Management’s view of information security
If you think your management doesn’t have a clue what information security is all about, keep in mind that misunderstanding usually goes both ways: management often thinks you have no idea about what is appropriate...
Does ISO 27001 mean that information is 100% secure?
You have probably heard that important web services like Reddit, HootSuite, Quora, Foursquare etc. have recently suffered quite a lengthy outage – what you also probably know is that this outage was caused by Amazon...
Business continuity for small businesses – necessity or not?
Does it make sense to implement business continuity in smaller companies? Why would they need something as costly as this if the owner of the business has all the necessary information in his/her head? Let...
The biggest shortcomings of ISO 27001
If you’ve been reading my blog, you probably think I’m convinced ISO 27001 is the most perfect document ever written. Actually, that’s not true – working with my clients and teaching on the subject, usually...
5 greatest myths about ISO 27001
Very often I hear things about ISO 27001 and I don’t know whether to laugh or cry over them. Actually it is funny how people tend to make decisions about something they know very little...
Lessons learned from WikiLeaks: What is exactly information security?
Nowadays WikiLeaks is a hot story for a good reason – it is not very common for confidential documents of the world’s most powerful government to be published on the Internet. And some of these...
How to learn about ISO 27001 and BS 25999-2
Training is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are more and more types of courses available, I’ll try to explain their benefits and the...
BS 25999-2 implementation checklist
Your management has given you the task to implement business continuity, but you’re not really sure how to do it? Although it is not an easy task, you can use the BS 25999-2 methodology to...
Disaster recovery vs. business continuity
Updated: December 15, 2023. Has it ever happened to you that your management has given you the responsibility to implement business continuity just because you are in the IT department? Why is business continuity usually...