5 greatest myths about ISO 27001
Dejan Kosutic
Very often I hear things about ISO 27001 and I don’t know whether to laugh or cry over them. Actually...
Very often I hear things about ISO 27001 and I don’t know whether to laugh or cry over them. Actually it is funny how people tend to make decisions about something they know very little...
Lessons learned from WikiLeaks: What is exactly information security?
Nowadays WikiLeaks is a hot story for a good reason – it is not very common for confidential documents of...
Nowadays WikiLeaks is a hot story for a good reason – it is not very common for confidential documents of the world’s most powerful government to be published on the Internet. And some of these...
How to learn about ISO 27001 and BS 25999-2
Training is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are...
Training is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are more and more types of courses available, I’ll try to explain their benefits and the...
BS 25999-2 implementation checklist
Your management has given you the task to implement business continuity, but you’re not really sure how to do it?...
Your management has given you the task to implement business continuity, but you’re not really sure how to do it? Although it is not an easy task, you can use the BS 25999-2 methodology to...
Disaster recovery vs. business continuity
Updated: December 15, 2023. Has it ever happened to you that your management has given you the responsibility to implement...
Updated: December 15, 2023. Has it ever happened to you that your management has given you the responsibility to implement business continuity just because you are in the IT department? Why is business continuity usually...
How to deal with BCM sceptics?
Have you ever heard something like “It can’t be done”, “It has no use”, or “It’s useless if a major...
Have you ever heard something like “It can’t be done”, “It has no use”, or “It’s useless if a major disaster occurs”? If you implemented business continuity management, you probably did. Naturally, such an attitude...
Problems with defining the scope in ISO 27001
You probably knew that the first step in ISO 27001 implementation is defining the scope. What you probably didn’t know...
You probably knew that the first step in ISO 27001 implementation is defining the scope. What you probably didn’t know is that this step, although simple at first glance, can sometimes cause you quite a...
Five Tips for Successful Business Impact Analysis
You have probably wondered why you have to perform business impact analysis (BIA) once you already did the risk assessment....
You have probably wondered why you have to perform business impact analysis (BIA) once you already did the risk assessment. You identified all the risks, didn’t you? Spent quite a lot of time analyzing your...
Information security policy – how detailed should it be?
Quite often I see information security policies written in too much detail, trying to cover everything from strategic objectives to...
Quite often I see information security policies written in too much detail, trying to cover everything from strategic objectives to how many numerical digits a password should contain. The only problem with such policies is...
How to write business continuity plans?
If you started implementing business continuity management, probably the biggest challenge you are facing is writing the business continuity plans....
If you started implementing business continuity management, probably the biggest challenge you are facing is writing the business continuity plans. Why is it so difficult? Well, you have to think of various scenarios under which...
Dilemmas with ISO 27001 & BS 25999-2 internal auditors
If this is the first time you have come across the notion of internal auditor, you are probably puzzled –...
If this is the first time you have come across the notion of internal auditor, you are probably puzzled – Why would I need another control? Who is going to pay for it? Who should...
Can business continuity strategy save your money?
You are thinking about implementing the business continuity management/BS 25999-2 standard? But then you hear it will cost you a...
You are thinking about implementing the business continuity management/BS 25999-2 standard? But then you hear it will cost you a lot? It probably will cost you, but not necessarily as much as you thought –...
Information security or IT security?
Update 2014-08-11: The number of controls was updated according to 2013 revision of ISO 27001. One would think that these...
Update 2014-08-11: The number of controls was updated according to 2013 revision of ISO 27001. One would think that these two terms are synonyms – after all, isn’t information security all about computers? Not really....
Main obstacles to the implementation of ISO 27001
You have this great idea that ISO 27001 will help you achieve compliance, attract new customers, decrease cost of incidents,...
You have this great idea that ISO 27001 will help you achieve compliance, attract new customers, decrease cost of incidents, and streamline your core IT processes? The idea is nice, but when it comes to...
