ISO 27001 vs. Cyber Essentials: Similarities and differences
Advisera Rhand Leal Rhand Leal
September 11, 2017
In the Internet environment, big, medium, and small businesses all face similar risks, and many regulatory demands enforce information protection,...
In the Internet environment, big, medium, and small businesses all face similar risks, and many regulatory demands enforce information protection, but differences in resources and knowledge often result in data breaches because of the failure...
read more
How to gain employee buy-in when implementing cybersecurity according to ISO 27001
Advisera Hannah Churchman Hannah Churchman
July 3, 2017
In the majority of organizations, change is embraced by senior management, but feared by employees. In the case of implementing...
In the majority of organizations, change is embraced by senior management, but feared by employees. In the case of implementing ISO 27001, a committed senior management team (SMT) can understand clearly the benefits that an...
read more
Which security clauses to use for supplier agreements?
Advisera Rhand Leal Rhand Leal
June 19, 2017
Running a business on your own these days is practically impossible. Maintaining high levels of performance in every aspect of...
Running a business on your own these days is practically impossible. Maintaining high levels of performance in every aspect of your business to stay competitive means draining precious resources that would be better invested in...
read more
Using ISO 22301 business continuity practices to support mass public events
Advisera Wolfgang Mahr Wolfgang Mahr
June 5, 2017
Managing public events with hundreds or thousands of people is a challenge, as disruptions of these events may result in...
Managing public events with hundreds or thousands of people is a challenge, as disruptions of these events may result in huge material losses or even loss of life. We face the classic situation where disruptions...
read more
Case study: ISO 27001 implementation in an IT system integrator company
Advisera Aleksandra Gakidova Aleksandra Gakidova
May 8, 2017
For any major change in our lives, whether professional or personal, there are questions that come up before taking the...
For any major change in our lives, whether professional or personal, there are questions that come up before taking the first step. Here are just a few of the questions that you may face before...
read more
How ISO 27001 can help suppliers comply with U.S. DFARS 7012
Advisera Rhand Leal Rhand Leal
April 24, 2017
DFARS 7012 is an example of how customers’ concerns about protecting their information in the custody of suppliers and outsourced...
DFARS 7012 is an example of how customers’ concerns about protecting their information in the custody of suppliers and outsourced services has led to the establishment of ever more complex security requirements for those who...
read more
How to demonstrate resource provision in ISO 27001
Advisera Rhand Leal Rhand Leal
April 10, 2017
The availability of resources is a critical point in any endeavor. You can have the best ideas and the best...
The availability of resources is a critical point in any endeavor. You can have the best ideas and the best intentions, but if you lack resources you are doomed to failure. So, it may seem...
read more
What to implement first: ISO 22301 or ISO 27001?
Advisera Wolfgang Mahr Wolfgang Mahr
April 3, 2017
Implementing ISO management system standards, even with the help of toolkits and consultants, may be a challenging task. In practice,...
Implementing ISO management system standards, even with the help of toolkits and consultants, may be a challenging task. In practice, sometimes it seems appropriate to enhance preparedness and protection in several areas of an organization,...
read more
How to use Scrum for the ISO 27001 implementation project
Advisera Antonio Jose Segovia Antonio Jose Segovia
March 27, 2017
Scrum is a framework, based on the Agile method, mainly used in software development. Originally, it was developed for complex...
Scrum is a framework, based on the Agile method, mainly used in software development. Originally, it was developed for complex product development, and there are many companies in the world that currently use this framework...
read more
Should information security focus on asset protection, compliance, or corporate governance?
Advisera Dejan Kosutic Dejan Kosutic
March 13, 2017
Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all,...
Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all, this is what the first (2005) revision of ISO 27001, and its predecessor BS 7799-2,...
read more
Business Continuity Management vs. Information Security vs. IT Disaster Recovery
Advisera Wolfgang Mahr Wolfgang Mahr
February 27, 2017
For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and...
For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and IT Disaster Recovery (IT DR). All three areas have something to do with “security,” “losses,”...
read more
Aligning information security with the strategic direction of a company according to ISO 27001
Advisera Dejan Kosutic Dejan Kosutic
February 20, 2017
There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term...
There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term “survival” of an Information Security Management System (ISMS) in a company: this is the requirement...
read more
How to manage the security of network services according to ISO 27001 A.13.1.2
Advisera Antonio Jose Segovia Antonio Jose Segovia
February 13, 2017
Everybody knows that information is stored in information systems (workstations, laptops, smartphones, etc.), but to exchange the information via a...
Everybody knows that information is stored in information systems (workstations, laptops, smartphones, etc.), but to exchange the information via a network is necessary. Most of the information systems in this world are connected to the...
read more
How to identify ISMS requirements of interested parties in ISO 27001
Advisera Rhand Leal Rhand Leal
February 6, 2017
“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in...
“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in the movie Forrest Gump describes perfectly why many projects fail: lack of clear requirements. Definition...
read more
How to integrate ISO 27001 controls into the system/software development life cycle (SDLC)
Advisera Rhand Leal Rhand Leal
January 24, 2017
Updated: March 27, 2023, according to the ISO 27001 2022 revision. Information security is only as good as the processes...
Updated: March 27, 2023, according to the ISO 27001 2022 revision. Information security is only as good as the processes related to it, yet we find many organizations concerned only about whether security features exist...
read more

Upcoming free webinar

Advisera Carlos Pereira da Cruz
Presenter
Carlos Pereira da Cruz
How to Perform an ISO Internal Audit
Thursday – May 2, 2024
Register now

Suggested reading

ISO 27001 2013 vs. 2022 revision – What has changed?
by Dejan Kosutic
Does ISO 27001 implementation satisfy EU GDPR requirements?
by Carla Bouca
How to perform training & awareness for ISO 27001 and ISO 22301
by Dejan Kosutic

Security Awareness Training

Protect your company’s most valuable information.
Start now