Show me desktop version
CALL US 1-888-553-2256
CountryCountry

The ISO 27001 & ISO 22301 Blog

Rhand Leal

How ISO 27001 can help suppliers comply with U.S. DFARS 7012

DFARS 7012 is an example of how customers’ concerns about protecting their information in the custody of suppliers and outsourced services has led to the establishment of ever more complex security requirements for those who wish to work with them. And, this increase in customer compliance demands has also increased …

Read More ...
Wolfgang Mahr

Business Continuity Management vs. Information Security vs. IT Disaster Recovery

For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and IT Disaster Recovery (IT DR). All three areas have something to do with “security,” “losses,” “disasters,” and “protection.” Read on to learn more about the particular roles of disciplines often …

Read More ...
Dejan Kosutic

Where does information security fit into a company?

Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual …

Read More ...
Wolfgang Mahr

Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003

Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information Security, Business Continuity, Supply Chain Security, and possibly others), the term is widely used but …

Read More ...
Rhand Leal

Resolving cloud security concerns by defining clear responsibilities according to ISO 27017

Cloud solutions are attractive answers for those who look for cost savings and quick demand response infrastructure, and Internet searches can show you how these kinds of solutions are rapidly growing and being adopted by organizations of all sizes, especially by small and medium-sized organizations. However, their very nature requires …

Read More ...
Antonio Jose Segovia

How ISO 27001 and ISO 27799 complement each other in health organizations

More and more hospitals are interested in protecting their patient information, but they see ISO 27001 as not being specific enough. Although it covers many general aspects about information security, you can integrate it with other standards to cover specific aspects – for example, ISO 27799 for the protection of personal …

Read More ...
Antonio Jose Segovia

How to manage changes in an ISMS according to ISO 27001 A.12.1.2

Changes are necessary in the information technology sector, mainly because every so often it is necessary to update servers, systems, etc. But risks (seen from an information security point of view) arise when changes are performed in an uncontrolled way, i.e., confidentiality, integrity, and availability of systems, applications, information… could …

Read More ...
Antonio Jose Segovia

How to manage security in project management according to ISO 27001 A.6.1.5

Security in project management is a completely new thing in the 2013 revision of ISO 27001 – many people are wondering how to set it up, and whether their projects should be covered with this control at all. Read this article to find the answers… It is likely that you’ve heard …

Read More ...
Dejan Kosutic

How to use ISO 22301 for the implementation of business continuity in ISO 27001

One of the biggest mysteries in ISO 27001 implementation is the Annex A section A.17, which speaks about business continuity management. How does business continuity relate to information security, and why is it included in ISO 27001? Unfortunately, ISO 27001 does not provide much detail when it comes to business continuity. …

Read More ...
Antonio Jose Segovia

Qualifications for an ISO 27001 Internal Auditor

One of the requirements of ISO 27001:2013 is the realization of an internal audit, as set out in Section 9.2 of the standard. But, the question is: Who can perform this internal audit? We will find out in the following points. The ISO 27001:2013 standard does not set requirements that an …

Read More ...
Antonio Jose Segovia

How to implement ISO 27001 and ISO 20000 together

All management systems based on ISO standards have one thing in common: the known cycle of Deming or PDCA (Plan, Do, Check, and Act), which can make the integration of various ISO standards in an organization easier: ISO 9001, ISO 14001, ISO 27001, ISO 20000, ISO 22301, etc. I know …

Read More ...
Dejan Kosutic

8 Security Practices to Use in Your Employee Training and Awareness Program

This might be hard to believe, but it is true: 59% of data breaches are happening not because of some smart hacker who wants to do harm to your company; those breaches are happening because of your own employees. As I’ve argued in my article How a change in thinking …

Read More ...
Dejan Kosutic

How a change in thinking can stop 59% of security incidents

According to Experian 2015 Second Annual Data Breach Industry Forecast, the largest number of security incidents are happening because of human error and malicious insiders: “… the majority of data breaches originate inside company walls. Employees and negligence are the leading cause of security incidents but remain the least reported …

Read More ...
Dejan Kosutic

Small business guide to cyber security: 6 steps against the data breach

Lately we’ve seen many large companies getting hacked: Anthem, Sony, and Target to name just a few. The number of data breaches increased 27.5% in 2014, so measures against these types of security incidents are on the rise in large companies. How about small businesses? Do they really stand a …

Read More ...

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.