How two-factor authentication enables compliance with ISO 27001 access controls
Rhand Leal
Access control is one of the cornerstones of security. If you cannot control who access what, you cannot ensure security...
Access control is one of the cornerstones of security. If you cannot control who access what, you cannot ensure security at all. Because of that, access control stays in the main focus of security teams...
Enabling communication during disruptive incidents according to ISO 22301
Disasters and disruptive business incidents push people and organizations to their limits, and one of the first impacted elements are...
Disasters and disruptive business incidents push people and organizations to their limits, and one of the first impacted elements are communication systems. Depending on incident type and magnitude, increased demand for communication, or communication infrastructure...
Organizational resilience according to ISO 22316 – Is this another buzzword?
Wolfgang Mahr
Both management systems standards on information security (ISO 27001) and business continuity (ISO 22301), while trying to encompass the whole...
Both management systems standards on information security (ISO 27001) and business continuity (ISO 22301), while trying to encompass the whole organization, still lack components and dimensions to holistically protect an enterprise. The concept of resilience...
Beyond the BCM Manager: Additional roles to consider during the disruptive incident
A crisis or disaster is something that no organization, regardless of its size, wants to go through. Because of this,...
A crisis or disaster is something that no organization, regardless of its size, wants to go through. Because of this, many of them adopt business continuity practices, such as Business Continuity Management Systems (BCMS) based...
What does ISO 27001 Lead Implementer training look like?
Nina Ugrinoska
The ISMS (Information Security Management System) plays a very important role in every business these days. Since implementation of the...
The ISMS (Information Security Management System) plays a very important role in every business these days. Since implementation of the ISMS can be a complex process (and usually differs in each industry sector), in order...
Segregation of duties in your ISMS according to ISO 27001 A.6.1.2
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and...
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and processes (e.g., stock exchange operators and air traffic controllers). While this is good to improve...
How can ISO 27001 help protect your company against ransomware?
Carla Bouca
Ransomware is a sophisticated malware that blocks users’ access to their files through the use of encryption. The attackers will...
Ransomware is a sophisticated malware that blocks users’ access to their files through the use of encryption. The attackers will ask for a ransom to unlock the infected computer. Although ransomware has been known as...
ISO 22301 Case study in the travel industry: Business continuity as a necessity in customer care
Business continuity protects an organization from the impacts of business disruptions. The goal is to provide a certain level of...
Business continuity protects an organization from the impacts of business disruptions. The goal is to provide a certain level of products and services to customers during disruptions. But, what do industries need in order to...
Data Privacy Protection, ISO 27001 and CISPE Code of Conduct
With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data...
With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data of European citizens are rushing to adapt their operations to new requirements to avoid problems...
Where does information security fit into a company?
Dejan Kosutic
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate...
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who...
Does ISO 27001 implementation satisfy EU GDPR requirements?
Lately, I’ve been asked questions like: “If ISO 27001 is implemented in my organization, will it fully comply with European General...
Lately, I’ve been asked questions like: “If ISO 27001 is implemented in my organization, will it fully comply with European General Data Protection Regulation (EU GDPR) requirements?” and “Our company is ISO 27001 certified. Are we...
Network segregation in cloud environments according to ISO 27017
In a previous article, I wrote about network segregation considering a physical network structure (see: Requirements to implement network segregation...
In a previous article, I wrote about network segregation considering a physical network structure (see: Requirements to implement network segregation according to ISO 27001 control A.13.1.3), and while the concepts presented there are still valid...
How to use ISO 27017 to manage legal risks related to geographical location
Cloud services are often sold as solutions that can be anywhere and everywhere. All that is necessary is a computer...
Cloud services are often sold as solutions that can be anywhere and everywhere. All that is necessary is a computer and a network connection to work with data, applications, and resources. While from user’s point...
4 crucial techniques for convincing your top management about ISO 27001 implementation
Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to...
Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to work very hard to convince them. Essentially, you need to have two elements to be...
Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003
Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these...
Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information...
