Segregation of duties in your ISMS according to ISO 27001 A.6.1.2
Rhand Leal
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and...
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and processes (e.g., stock exchange operators and air traffic controllers). While this is good to improve...
How can ISO 27001 help protect your company against ransomware?
Carla Bouca
Ransomware is a sophisticated malware that blocks users’ access to their files through the use of encryption. The attackers will...
Ransomware is a sophisticated malware that blocks users’ access to their files through the use of encryption. The attackers will ask for a ransom to unlock the infected computer. Although ransomware has been known as...
ISO 22301 Case study in the travel industry: Business continuity as a necessity in customer care
Wolfgang Mahr
Business continuity protects an organization from the impacts of business disruptions. The goal is to provide a certain level of...
Business continuity protects an organization from the impacts of business disruptions. The goal is to provide a certain level of products and services to customers during disruptions. But, what do industries need in order to...
Data Privacy Protection, ISO 27001 and CISPE Code of Conduct
With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data...
With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data of European citizens are rushing to adapt their operations to new requirements to avoid problems...
Where does information security fit into a company?
Dejan Kosutic
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate...
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who...
