How to use firewalls in ISO 27001 and ISO 27002 implementation
A firewall is software (or a dedicated appliance) that controls connections between different networks (internal or external) and can accept a connection, reject it, or filter it according to defined rules. Because this is a key...
ISO 27001 Certification: What’s next after receiving the audit report?
For those who already run a management system, like an ISMS based on ISO 27001, the certification audit is a familiar event: the auditor arrives, holds the opening meeting, evaluates processes and records, states the result,...
CISA vs. ISO 27001 Lead Auditor certification
In a previous post, I talked about personal certifications helping the organization to comply with ISO 27001 clause 7.2 (see this post How personal certificates can help your company’s ISMS). In today’s post, I will show...
Understanding ISO 27001 Language
One of the main rules of good communication is to adjust your speech to the target audience. ISO 27001 has its own set of terms, useful for building a shared understanding among security practitioners. However, an...
Achieving continual improvement through the use of maturity models
Like any other ISO management system, ISO 27001 has a requirement for continual improvement (clause 10.2). This is because no process, no matter how well established and implemented, compliant with ISO standards or not,...
Special interest groups: A useful resource to support your ISMS
An Information Security Management System (ISMS) is only as good as its ability to keep up with the requirements of the business and provide adequate protection against the risks the organization is exposed to. To...
Qualifications for an ISO 27001 Internal Auditor
Updated: June 11, 2025. One of the requirements of ISO 27001 is that an internal audit is carried out, as set out in clause 9.2 of the standard. But the question is: who can perform this...
Physical security in ISO 27001: How to protect the secure areas
Your information and IT assets aren’t located in the middle of nowhere. They need a roof, walls, doors, and adequate operating conditions. Just like human beings. Software has back doors (not always to be exploited...
8 Security Practices to Use in Your Employee Training and Awareness Program
This might be hard to believe, but it is true: 59% of data breaches are happening not because of some smart hacker who wants to do harm to your company; those breaches are happening because...
What Can War Teach Us About Mainframe Security?
The mainframe environment, or Big Iron, continues to grow at a rate of about 5% per year according to recent predictions. While experts have historically considered the Mainframe to be the safest environment from a...
How a change in thinking can stop 82% of data breaches
Updated: March 23, 2023, according to the ISO 27001 2022 revision. According to Experian 2023 Second Annual Data Breach Industry Forecast, the largest number of data security breaches are happening because of human error and...
Small business guide to cyber security: 6 steps against the data breach
Lately we’ve seen many large companies getting hacked: Anthem, Sony, and Target to name just a few. The number of data breaches increased 27.5% in 2014, so measures against these types of security incidents are...
How to perform business continuity exercising and testing according to ISO 22301
Exercising and testing of business continuity plans is quite a controversial topic – some people say that it costs too much, while others maintain that it has no purpose because they cannot perform the full...
2014 Data Breaches in the United States
Explanation of the basic terminology in ISO standards
Updated 2015-12-11: number of mandatory clauses. When I deliver various trainings for ISO 27001 and ISO 22301, it always turns out that one of the hottest topics is which policies and procedures need to be...
Top 10 information security bloggers in 2014
If you want to stay on top of cybersecurity / information security news and insights, here are the blogs that I found the most useful. I listed here only the blogs written by independent authors...
Who should be your project manager for ISO 27001/ISO 22301?
If you’re planning to start your ISO 27001 and/or ISO 22301 project, you’re probably wondering who could lead such a complex project – what type of person do you need, with which authorities, and should...
Records management in ISO 27001 and ISO 22301
In the beginning of ISO 27001 or ISO 22301 implementation, records might seem like one of those bureaucratic requirements of these standards with no real purpose, and that will only take up your time. However, chances are...
Will a piece of paper stop the attackers?
There are many skeptics who do not believe ISO 27001 can help protect their information and/or information systems; one of their main arguments is: “Writing a policy or a procedure surely won’t help against someone...
How to structure the documents for ISO 27001 Annex A controls
Updated: April 19, 2023, according to the ISO 27001 2022 revision. Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to...