ISO 27001 vs. ISO 27017 – Information security controls for cloud services
The future of ISO 27017, together with ISO 27018, seems quite bright: they define security standards for today’s fastest-growing industry – cloud computing. This topic is so big and so hot, that these two standards...
Logging according to ISO 27001 A.8.15
Updated: January 21, 2023, according to ISO 27001:2022 revision. It’s easy in “peaceful” times, but when security incidents arise – you need to start from somewhere. And you need to start by finding out what...
ISO 27018 – Standard for protecting privacy in the cloud
Update 2022-04-25. If your company is delivering services in the cloud, you probably have more and more customers asking you how their personal data is protected. ISO 27001 is certainly a good way to do it;...
Using ITIL to implement ISO 27001 incident management
Incident management is one of the key processes to ensure the effectiveness of any business operation. With more or less sophistication and maturity, practically any organization has practices in place to deal with undesired events,...
How to implement network segregation according to ISO 27001 control A.13.1.3
Update 2022-09-06. Think about a house, or office, with only one big space where you can arrange all your loved and precious things the way you think most appropriate. Tempting, isn’t it? The flexibility to...
How to handle incidents according to ISO 27001 Annex A
Updated: January 20, 2025, according to the ISO 27001:2022 revision. One of the issues that most concern managers of an organization is that their employees (although employees are not the only source of incidents, but...
ISO 27001 project management: Implementing complex security controls using Work Breakdown Structure (WBS)
What do diverse situations like the Battle of Trafalgar (1805), the Cooley–Tukey FFT algorithm (1965), and the multi-sided market competition have in common? They are all examples of big or complex problems divided into smaller...
How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1
You have certainly already heard, or lived, this scenario: it is a normal day and the systems are working fine, when suddenly they slow down for no apparent reason or simply stop. User support starts...
3 phases of delivering an ISO 27001/ISO 22301 consulting job
If you’re an independent consultant at the beginning of your career, you’re probably wondering how to perform your first consulting job for ISO 27001 or ISO 22301 implementation. But, don’t worry – here’s what you need...
Understanding IT disaster recovery according to ISO 27031
Last updated on March 11, 2022. Disaster recovery is the ability of an organization to respond to and recover from an event that negatively impacts its operations. Disaster recovery methods enable an organization to quickly...
How to manage changes in an ISMS according to ISO 27001 A.12.1.2
Changes are necessary in the information technology sector, mainly because every so often it is necessary to update servers, systems, etc. But risks (seen from an information security point of view) arise when changes are...
What is a BYOD policy, and how can you easily write one using ISO 27001 controls?
One would expect that ISO 27001, the leading information security standard, would have strict requirements regarding BYOD. However, you would be surprised – such requirements do not exist, and what’s more, BYOD is ever mentioned...
What are secure engineering principles in ISO 27001:2013 control A.14.2.5?
In my days of programming (big hosts and green/amber terminals, matrix printers…) we didn’t think so much about information security, and especially not about secure engineering. Functional specifications were very simple, and acceptance criteria for...
ISO 27032 – What is it, and how does it differ from ISO 27001?
There are many standards in the ISO 27000 series, all related to security. You probably don’t know much about ISO 27032:2012 because it is not as well-known as ISO 27001, ISO 27002, or ISO 22301,...
How to handle access control according to ISO 27001
Updated: March 29, 2023, according to the ISO 27001:2022 revision. Access control is usually perceived as a technical activity that has to do with opening accounts, setting passwords, and similar stuff – and it...
How to make your investment in ISO 27001 profitable
Nothing motivates executives more than profits; so, if you’re proposing your ISO 27001 project to your top management, you should figure out how this project can increase the profit of your company. “But how?” you...
How to manage security in project management according to ISO 27001 A.5.8
Updated: March 28, 2023, according to the ISO 27001:2022 revision. Security in project management is an important part of ISO 27001 – many people are wondering how to set it up, and whether their projects...
Applicability of ISO 27001 across industries
People often mistake ISO 27001 for an IT standard, as something that is applicable to the IT industry only. And they are partially right – lots of IT companies are going for ISO 27001 because they...
How to use ISO 22301 for the implementation of business continuity in ISO 27001
One of the biggest mysteries in ISO 27001 implementation is the Annex A section A.17, which speaks about business continuity management. How does business continuity relate to information security, and why is it included in ISO...
How to perform monitoring and measurement in ISO 27001
Performance monitoring and measurement are key actions in the maintenance and improvement of any system. (See this article for more information: Achieving continual improvement through the use of maturity models.) ISO 27001 recognizes their importance in...