Show me desktop version
CALL US +1 (646) 759 9933

Where does information security fit into a company?

Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual …

Read More ...

Does ISO 27001 implementation satisfy EU GDPR requirements?

Lately, I’ve been asked questions like: “If ISO 27001 is implemented in my organization, will it fully comply with European General Data Protection Regulation (EU GDPR) requirements?” and “Our company is ISO 27001 certified. Are we already compliant with EU GDPR?” The new regulation introduces a set of rules that require …

Read More ...

How to integrate COSO, COBIT, and ISO 27001 frameworks

Recently, the ISO (International Standardization Organization) updated ISO 9001, ISO 14001, and ISO 27001 to make easier to use them together. But, how do they interact with practices outside the ISO world? How to integrate COSO, COBIT, and ISO 27001 frameworks. This article will present how ISO 27001 can be …

Read More ...

What is the EU GDPR and why is it applicable to the whole world?

The General Data Protection Regulation (GDPR) will replace the actual Directive (Data Protection Directive 95/46/EC). It will not apply until May 25, 2018, but it does require companies to start preparing now, taking into account some obligations may be onerous and time consuming to implement. What is personal data? Based …

Read More ...

Network segregation in cloud environments according to ISO 27017

In a previous article, I wrote about network segregation considering a physical network structure (see: Requirements to implement network segregation according to ISO 27001 control A.13.1.3), and while the concepts presented there are still valid when you consider network segregation in cloud computing environments, some new considerations must be made. …

Read More ...

How to use ISO 27017 to manage legal risks related to geographical location

Cloud services are often sold as solutions that can be anywhere and everywhere. All that is necessary is a computer and a network connection to work with data, applications, and resources. While from user’s point of view this is true, cloud services ultimately rely on physical infrastructure, which has to …

Read More ...

4 crucial techniques for convincing your top management about ISO 27001 implementation

Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to work very hard to convince them. Essentially, you need to have two elements to be successful in that process: (1) prepare a list of business benefits that are really applicable …

Read More ...

Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003

Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information Security, Business Continuity, Supply Chain Security, and possibly others), the term is widely used but …

Read More ...

What does ISO 27001 Lead Auditor training look like?

In the last four years I’ve been preparing and presenting a lot of trainings for ISO 27001 Lead Auditor. At the end, participants understand that this is just the beginning of the journey to reach the “end of the stairs,” and become a professional in ISMS (Information Security Management System) auditing.  …

Read More ...

Resolving cloud security concerns by defining clear responsibilities according to ISO 27017

Cloud solutions are attractive answers for those who look for cost savings and quick demand response infrastructure, and Internet searches can show you how these kinds of solutions are rapidly growing and being adopted by organizations of all sizes, especially by small and medium-sized organizations. However, their very nature requires …

Read More ...

How to prepare for an ISO 27001 internal audit

Many people simply rush in to prepare a checklist and perform the ISO 27001 internal audit – the sooner this “needless” job is done, the better. But, such a rush will only create problems, and make the internal audit longer than necessary. So, let’s see what you have to prepare to …

Read More ...

Using Intrusion Detection Systems and Honeypots to comply with ISO 27001 A.13.1.1 network controls

Networks are what make collaborative work possible. Without them, remote or global business wouldn’t exist. This critical role attracts attention, and makes networks a preferred target to wrongdoers, placing them in the security personnel’s top priorities. In previous articles about ISO 27001 network controls, we talked about firewalls and network segregation (see …

Read More ...

How to manage network security according to ISO 27001 A.13.1

As more and more people and organizations become interconnected, more and more information is exchanged, from that considered trivial and disposable to that most sensitive and necessary for people’s lives and business survival. That’s why today’s network infrastructure is so important, and so attractive to wrongdoers. So, to ensure the …

Read More ...

How to document roles and responsibilities according to ISO 27001

Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me wrong: assigning and communicating roles and responsibilities is important, because that is how all employees in …

Read More ...
FREE ISO 27001/22301 CONSULTATION
Dejan Kosutic
Lead ISO 27001/22301 Expert, Advisera

GET FREE ADVICE

ISO 27001 & ISO 22301
Free Downloads

 

Upcoming free webinar
How to sell ISO consulting services
Wednesday - September 13, 2017

OUR PARTNERS


  • Exemplar Global (formerly RABQSA) is leading international
    authority in certification of training providers.

  • ITIL® is a registered trade mark of AXELOS Limited.
    Used under licence of AXELOS Limited. All rights reserved.

  • DNV GL Business Assurance is one of the leading providers of
    accredited management systems certification.
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933