How an ISO 27001 expert can become a GDPR data protection officer
If you are an ISO 27001 practitioner, you are a professional trained to establish, implement, maintain, and continually improve a...
If you are an ISO 27001 practitioner, you are a professional trained to establish, implement, maintain, and continually improve a risk-managed Information Security Management System (ISMS). You probably already know that many of your skills...
Where does information security fit into a company?
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate...
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who...
How to document roles and responsibilities according to ISO 27001
Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very...
Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me...
Who should be your project manager for ISO 27001/ISO 22301?
If you’re planning to start your ISO 27001 and/or ISO 22301 project, you’re probably wondering who could lead such a...
If you’re planning to start your ISO 27001 and/or ISO 22301 project, you’re probably wondering who could lead such a complex project – what type of person do you need, with which authorities, and should...
How to perform training & awareness for ISO 27001 and ISO 22301
Most of the information security/business continuity practitioners I speak with have the same problem: the employees in their companies don’t...
Most of the information security/business continuity practitioners I speak with have the same problem: the employees in their companies don’t take them seriously – not only the top managers, but also their peers. This is...
Chief Information Security Officer (CISO) – where does he belong in an org chart?
Companies that start implementing an information security program, or specifically ISO 27001, very soon realize that they cannot do it...
Companies that start implementing an information security program, or specifically ISO 27001, very soon realize that they cannot do it without a person who would coordinate and manage such activities. But then they face the...
What is the job of Chief Information Security Officer (CISO) in ISO 27001?
It may sound rather funny, but ISO 27001 does not require a company to nominate a Chief Information Security Officer,...
It may sound rather funny, but ISO 27001 does not require a company to nominate a Chief Information Security Officer, or any other person who would coordinate information security (e.g., Information security officer, Security manager,...