The most common physical and network controls when implementing ISO 27001 in a data center
Security controls for Data Centers are becoming a huge challenge due to increasing numbers of devices and equipment being added. In this article you will see how to build an ISO 27001 compliant Data Center...
Why is ISO 27001 applicable also for paper-based information?
Although digital information has become the generally accepted standard for handling information, there might be situations where organizations still use paper-based information, and this documentation also must be protected according to its sensitivity and importance...
ISO 27001 information security event vs. incident vs. non-compliance
Update 2022-04-25. No environment can be 100% secure. Problems (which can be broadly described as “occurrences” or “deviations”) will happen, but not all problems need to be treated the same way, and this can have...
RACI matrix for ISO 27001 implementation project
Very often, an ISO 27001 implementation project is a multi-level and multidisciplinary endeavor, where personnel involved have different roles and responsibilities as the project progresses. To help clarify and control personnel involvement and to establish the...
Does ISO 27001 help CCPA compliance?
In the wake of the increasing concerns over privacy protection, the U.S. state of California passed a new regulation at the end of June of this year to ensure the protection of Californian consumers. Coming...
What to consider in case of termination or change of employment according to ISO 27001
As relationships between people and organizations evolve, it is natural for work situations to change. Concluded contracts lead to termination of employment relationships, and opportunities or gaps in roles or functions lead people to relocate...
What to consider in security terms and conditions for employees according to ISO 27001
A good way to ensure that people are aware of their roles and responsibilities in an organization is by defining policies and procedures to be followed. But this solution has a limitation: they only cover...
How to use Open Web Application Security Project (OWASP) for ISO 27001?
Essentially, OWASP (Open Web Application Security Project) is an online community developing international open projects related to Web Application Security. Mainly, it was created to develop secure web applications. Most of these projects have documents,...
How to perform background checks according to ISO 27001
Update 2022-03-16. “The human factor is the weakest link in the security.” How many times have we already heard this sentence? How many stories have we already heard about security incidents caused by human failure...
Can ISO 27001 help your organization in a DDoS attack?
In a connected world where hundreds of transactions are made every minute, every second your systems are down or inaccessible may represent a significant impact on your organization's business. And, while prevention of infrastructure failures...
How can ISO 27001 help you comply with SOX section 404
A number of high-profile corporate and accounting scandals collapsed several big players like Enron and WorldCom, and played havoc on the global investment market. In the wake of these scandals, the U.S. SOX law was introduced to...
Organizational Resilience – Positioning Against ISO 22301-Based Business Continuity
Approaches and methods to successfully and sustainably run businesses are being rapidly developed. Recently, the term Organizational Resilience was interpreted as being the new expression for the term Business Continuity. According to industry sources,...
European 2017 Revision of ISO/IEC 27001: What has changed?
Released at the beginning of April 2017 by BSI (the British Standards Institution), the standard BS EN ISO/IEC 27001:2017 is a corrigendum to the previous standard BS ISO/IEC 27001:2013. It has raised some concern among organizations...
How to perform an ISO 27001 second-party audit of an outsourced supplier
To focus on their core business, many organizations rely on outsourced suppliers to perform support processes. While this approach may bring benefits like cost savings and access to expert knowledge and state-of-the-art technology, it can...
How can ISO 27001 and ISO 22301 help with critical infrastructure protection?
The European Council Directive 2008/114/EC of December 8, 2008, is a European Directive for the identification and designation of critical European infrastructures and the assessment of the need to improve their protection. It states: Critical...