The ISO 27001 & ISO 22301 Blog

Rhand Leal

How to integrate COSO, COBIT, and ISO 27001 frameworks

Recently, the ISO (International Standardization Organization) updated ISO 9001, ISO 14001, and ISO 27001 to make easier to use them together. But, how do they interact with practices outside the ISO world? How to integrate COSO, COBIT, and ISO 27001 frameworks. This article will present how ISO 27001 can be …

Read More ...
Rhand Leal

Network segregation in cloud environments according to ISO 27017

In a previous article, I wrote about network segregation considering a physical network structure (see: Requirements to implement network segregation according to ISO 27001 control A.13.1.3), and while the concepts presented there are still valid when you consider network segregation in cloud computing environments, some new considerations must be made. …

Read More ...
Rhand Leal

How to use ISO 27017 to manage legal risks related to geographical location

Cloud services are often sold as solutions that can be anywhere and everywhere. All that is necessary is a computer and a network connection to work with data, applications, and resources. While from user’s point of view this is true, cloud services ultimately rely on physical infrastructure, which has to …

Read More ...
Dejan Kosutic

4 crucial techniques for convincing your top management about ISO 27001 implementation

Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to work very hard to convince them. Essentially, you need to have two elements to be successful in that process: (1) prepare a list of business benefits that are really applicable …

Read More ...
Wolfgang Mahr

Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003

Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information Security, Business Continuity, Supply Chain Security, and possibly others), the term is widely used but …

Read More ...
Nina Ugrinoska

What does ISO 27001 Lead Auditor training look like?

In the last four years I’ve been preparing and presenting a lot of trainings for ISO 27001 Lead Auditor. At the end, participants understand that this is just the beginning of the journey to reach the “end of the stairs,” and become a professional in ISMS (Information Security Management System) auditing.  …

Read More ...
Rhand Leal

Resolving cloud security concerns by defining clear responsibilities according to ISO 27017

Cloud solutions are attractive answers for those who look for cost savings and quick demand response infrastructure, and Internet searches can show you how these kinds of solutions are rapidly growing and being adopted by organizations of all sizes, especially by small and medium-sized organizations. However, their very nature requires …

Read More ...
Dejan Kosutic

How to prepare for an ISO 27001 internal audit

Many people simply rush in to prepare a checklist and perform the ISO 27001 internal audit – the sooner this “needless” job is done, the better. But, such a rush will only create problems, and make the internal audit longer than necessary. So, let’s see what you have to prepare to …

Read More ...
Rhand Leal

Using Intrusion Detection Systems and Honeypots to comply with ISO 27001 A.13.1.1 network controls

Networks are what make collaborative work possible. Without them, remote or global business wouldn’t exist. This critical role attracts attention, and makes networks a preferred target to wrongdoers, placing them in the security personnel’s top priorities. In previous articles about ISO 27001 network controls, we talked about firewalls and network segregation (see …

Read More ...
Rhand Leal

How to manage network security according to ISO 27001 A.13.1

As more and more people and organizations become interconnected, more and more information is exchanged, from that considered trivial and disposable to that most sensitive and necessary for people’s lives and business survival. That’s why today’s network infrastructure is so important, and so attractive to wrongdoers. So, to ensure the …

Read More ...
Dejan Kosutic

How to document roles and responsibilities according to ISO 27001

Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me wrong: assigning and communicating roles and responsibilities is important, because that is how all employees in …

Read More ...
Antonio Jose Segovia

How ISO 27001 and ISO 27799 complement each other in health organizations

More and more hospitals are interested in protecting their patient information, but they see ISO 27001 as not being specific enough. Although it covers many general aspects about information security, you can integrate it with other standards to cover specific aspects – for example, ISO 27799 for the protection of personal …

Read More ...
Wolfgang Mahr

The blessing of continuous improvement in ISO 22301

As with any other ISO management standard, not improving is not an option in ISO 22301. Best results can be achieved if improvements are applied to different aspects of the BCM approach. What improvement area or areas may have high priority is mainly dictated by the actual situation of the …

Read More ...
Dejan Kosutic

What should you write in your Information Security Policy according to ISO 27001?

Content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001 – very often the purpose of this document is misunderstood, and in many cases people tend to think they need to write everything about their security in this document. Well, this is not …

Read More ...

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.