
The ISO 27001 & ISO 22301 Blog

How to gain employee buy-in when implementing cybersecurity according to ISO 27001

In the majority of organizations, change is embraced by senior management, but feared by employees. In the case of implementing ISO 27001, a committed senior management team (SMT) can understand clearly the benefits that an Information Security Management System (ISMS) will bring, such as decreased risk of business disruption, enhanced …


What is an Information Security Management System (ISMS) according to ISO 27001?

If you’ve started an ISO 27001 implementation, you’ve surely come across the term Information Security Management System, or ISMS. Pretty vague term, isn’t it? And yet, the ISMS is the main “product” of an ISO 27001 implementation. So, what exactly is an ISMS? ISO 27001 basically describes how to develop the …


Which questions will the ISO 27001 certification auditor ask?

If you’re going to go through the process of an ISO 27001 certification audit in your company, surely you have wondered: What will the auditor ask me? And you know what? The auditor also has questions for himself, for example: What type of answers will I receive? Most auditors …


How to structure the documents for ISO 27001 Annex A controls

Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to ISO 27001 Annex A. But, which documents should you write? How do you structure them? Which one do you begin with? Here’s what I found to be …


Main changes in the new ISO 27002

Update 2013-09-25: This blog post was updated according to the final version of ISO 27002:2013, which was published on September 25, 2013. In my previous blog post I analyzed the changes between the old ISO 27001 (published in 2005) and the 2013 revision; naturally, controls from ISO 27001 Annex A …


ISO 27001 control objectives – Why are they important?

Peter Drucker (one of the most influential thinkers on the subject of management theory) said “What gets measured gets managed”. The same goes for information security – if you don’t know how well you are doing, you’ll have a very difficult time steering your information security in the desired direction. …


What is cybersecurity and how can ISO 27001 help?

Every time I speak to someone about cybersecurity I hear rather different definitions of what it actually is, but at least the general idea is pretty much the same. However, when it comes to the question of how to achieve it, opinions differ sharply. This topic has become so …


ISO 27002 – What will the next revision bring?

It’s been six years since the last revision of ISO/IEC 27002 (in 2005) – much has changed in information security since then, and this standard definitely needs some “facelifting”. Since ISO 27002 is closely tied to ISO 27001, this revision has to be done simultaneously for both standards, and is …


Information security or IT security?

Update 2014-08-11: The number of controls was updated according to the 2013 revision of ISO 27001. One would think that these two terms are synonyms; after all, isn’t information security all about computers? Not really. The basic point is this: you might have perfect IT security measures, but only …
