ISO 27001 vs. ISO 27017 – Information security controls for cloud services
Dejan Kosutic
The future of ISO 27017, together with ISO 27018, seems quite bright: they define security standards for today’s fastest-growing industry...
The future of ISO 27017, together with ISO 27018, seems quite bright: they define security standards for today’s fastest-growing industry – cloud computing. This topic is so big and so hot, that these two standards...
Logging according to ISO 27001 A.8.15
Antonio Jose Segovia
Updated: January 21, 2023, according to ISO 27001:2022 revision. It’s easy in “peaceful” times, but when security incidents arise –...
Updated: January 21, 2023, according to ISO 27001:2022 revision. It’s easy in “peaceful” times, but when security incidents arise – you need to start from somewhere. And you need to start by finding out what...
ISO 27018 – Standard for protecting privacy in the cloud
Rhand Leal
Update 2022-04-25. If your company is delivering services in the cloud, you probably have more and more customers asking you...
Update 2022-04-25. If your company is delivering services in the cloud, you probably have more and more customers asking you how their personal data is protected. ISO 27001 is certainly a good way to do it;...
Using ITIL to implement ISO 27001 incident management
Incident management is one of the key processes to ensure the effectiveness of any business operation. With more or less...
Incident management is one of the key processes to ensure the effectiveness of any business operation. With more or less sophistication and maturity, practically any organization has practices in place to deal with undesired events,...
How to implement network segregation according to ISO 27001 control A.13.1.3
Update 2022-09-06. Think about a house, or office, with only one big space where you can arrange all your loved...
Update 2022-09-06. Think about a house, or office, with only one big space where you can arrange all your loved and precious things the way you think most appropriate. Tempting, isn’t it? The flexibility to...
How to handle incidents according to ISO 27001 Annex A
Updated: January 20, 2025, according to the ISO 27001:2022 revision. One of the issues that most concern managers of an...
Updated: January 20, 2025, according to the ISO 27001:2022 revision. One of the issues that most concern managers of an organization is that their employees (although employees are not the only source of incidents, but...
ISO 27001 project management: Implementing complex security controls using Work Breakdown Structure (WBS)
What do diverse situations like the Battle of Trafalgar (1805), the Cooley–Tukey FFT algorithm (1965), and the multi-sided market competition...
What do diverse situations like the Battle of Trafalgar (1805), the Cooley–Tukey FFT algorithm (1965), and the multi-sided market competition have in common? They are all examples of big or complex problems divided into smaller...
How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1
You have certainly already heard, or lived, this scenario: it is a normal day and the systems are working fine,...
You have certainly already heard, or lived, this scenario: it is a normal day and the systems are working fine, when suddenly they slow down for no apparent reason or simply stop. User support starts...
3 phases of delivering an ISO 27001/ISO 22301 consulting job
If you’re an independent consultant at the beginning of your career, you’re probably wondering how to perform your first consulting...
If you’re an independent consultant at the beginning of your career, you’re probably wondering how to perform your first consulting job for ISO 27001 or ISO 22301 implementation. But, don’t worry – here’s what you need...
Understanding IT disaster recovery according to ISO 27031
Rashpal Singh
Last updated on March 11, 2022. Disaster recovery is the ability of an organization to respond to and recover from...
Last updated on March 11, 2022. Disaster recovery is the ability of an organization to respond to and recover from an event that negatively impacts its operations. Disaster recovery methods enable an organization to quickly...
