Where does information security fit into a company?
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who...
Does ISO 27001 implementation satisfy EU GDPR requirements?
Lately, I’ve been asked questions like: “If ISO 27001 is implemented in my organization, will it fully comply with European General Data Protection Regulation (EU GDPR) requirements?” and “Our company is ISO 27001 certified. Are we...
How to integrate COSO, COBIT, and ISO 27001 frameworks
Recently, the ISO (International Standardization Organization) updated ISO 9001, ISO 14001, and ISO 27001 to make it easier to use them together. But, how do they interact with practices outside the ISO world? How to integrate...
Network segregation in cloud environments according to ISO 27017
In a previous article, I wrote about network segregation considering a physical network structure (see: Requirements to implement network segregation according to ISO 27001 control A.13.1.3), and while the concepts presented there are still valid...
How to use ISO 27017 to manage legal risks related to geographical location
Cloud services are often sold as solutions that can be anywhere and everywhere. All that is necessary is a computer and a network connection to work with data, applications, and resources. While from user’s point...
4 crucial techniques for convincing your top management about ISO 27001 implementation
Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to work very hard to convince them. Essentially, you need to have two elements to be...