How ISO 27001 and ISO 27799 complement each other in health organizations
More and more hospitals are interested in protecting their patient information, but they see ISO 27001 as not being specific enough. Although it covers many general aspects about information security, you can integrate it with other...
The blessing of continuous improvement in ISO 22301
As with any other ISO management standard, not improving is not an option in ISO 22301. Best results can be achieved if improvements are applied to different aspects of the BCM approach. What improvement area...
What is the ISO 27001 Information Security Policy, and how can you write it yourself?
Update 2022-04-08. The content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001 – very often, the purpose of this document is misunderstood, and in many cases, people...
What is an Information Security Management System (ISMS)?
Updated: November 8, 2023. If you’re working with ISO 27001, you’ve surely come across the term “Information Security Management System” or ISMS. Pretty vague term, isn’t it? In the following article, we will give you...
How to use NIST SP 800-53 for the implementation of ISO 27001 controls
Update 2022-09-07. In my previous article, How to use the NIST SP800 series of standards for ISO 27001 implementation, I described the NIST SP800 series (documents describing computer security practices, published by...
How to use the NIST SP800 series of standards for ISO 27001 implementation
Although ISO 27001, an international standard for information security management, provides control objectives and controls that cover a wide range of security issues, they are not exhaustive. Thus, ISO 27001 clauses 6.1.3 b) and c) note...
How to implement equipment physical protection according to ISO 27001 A.11.2
Most companies today have physical equipment protection methods and controls to protect themselves from malicious software (viruses, trojans, etc.), to prevent employees from accessing malicious sites (filtering addresses through proxy servers), or to...
ISO 27001 Internal Auditor training – Is it good for my career?
With business processes under constant pressure from management, customers, and other interested parties, to protect information exactly as requested, by means of technical specifications, legal requirements, or business objectives, and the greater complexity and sophistication...
The challenging role of the ISO 22301 BCM Manager
The Business Continuity Management (BCM) manager plays a pivotal role in the implementation of a BCM approach. As such, the role faces multiple challenges, from both top management and key process owners within the organization. As...
Clear desk and clear screen policy and what it means for ISO 27001
Updated: December 05, 2022, according to the ISO 27001:2022 revision. Imagine this scene: an employee at his desk, in an open-plan office, is reviewing on his notebook some data to prepare a report about the...
ISO 27001 vs. ITIL: Similarities and differences
IT services are one of the main pathways for information to flow through organizations, their clients and partners, and as legal and contractual requirements are increasingly including information protection demands (the healthcare industry is an...
Implementing capacity management according to ISO 27001:2013 control A.12.1.3
I’m sure you know, but it’s always about meeting agreed SLAs with your customers (internal and/or external) in the most cost-effective manner. Appropriate performance under an acceptable price is the holy grail of any successful...
What to look for when hiring a security professional
Besides proper procedures and technologies, counting on good professionals can make all the difference during implementation and operation of any process or project. The “Apollo 13” movie shows what skilled men can do when procedures...
Implementing restrictions on software installation using ISO 27001 control A.12.6.2
Currently, in all companies around the world, it is necessary to install software (operating systems, office applications, financial applications, applications development, etc.). But, in general, the installation of this software is not sufficiently controlled, which...
Key performance indicators for an ISO 27001 ISMS
Think about a medical exam. Our objective is for the physician to tell us that our health is ok and that we’ll live a long life, right? And how does the physician evaluate our health...
How to protect against external and environmental threats according to ISO 27001 A.11.1.4
Physical security plays a critical role in information protection, because even the best designed, implemented, and maintained technical and administrative controls, whether IT related or from some other area, are of little help if an...
How to use penetration testing for ISO 27001 A.12.6.1
A famous historical hacker, Kevin Mitnick, said on one occasion: “I get hired by companies to hack into their systems and break into their physical facilities to find security holes. Our success rate is 100%;...
How to set security requirements and test systems according to ISO 27001
Security is something that everyone wants to have, but which no one ever wants to use. And this thought can bring a lot of problems. Unless a system’s purpose is security related (e.g., firewall, access...
How to use cryptography according to ISO 27001 control A.8.24
Updated: December 28, 2022, according to the ISO 27001:2022 revision. Today, information travels constantly from one part of the world to another through email, online transactions, USB flash drives, and external hard drives. Outside the facilities...
Media & equipment disposal – what is it and how to do it in line with ISO 27001
Update 2022-4-26. Today, hard drive and other media devices are less common than they were some years ago, because the current trend is to use the cloud, although there are still a lot of people...