Show me desktop version

The ISO 27001 & ISO 22301 Blog

Business Continuity Management vs. Information Security vs. IT Disaster Recovery

For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and IT Disaster Recovery (IT DR). All three areas have something to do with “security,” “losses,” “disasters,” and “protection.” Read on to learn more about the particular roles of disciplines often …

Read More ...

Where does information security fit into a company?

Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual …

Read More ...

Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003

Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information Security, Business Continuity, Supply Chain Security, and possibly others), the term is widely used but …

Read More ...

Resolving cloud security concerns by defining clear responsibilities according to ISO 27017

Cloud solutions are attractive answers for those who look for cost savings and quick demand response infrastructure, and Internet searches can show you how these kinds of solutions are rapidly growing and being adopted by organizations of all sizes, especially by small and medium-sized organizations. However, their very nature requires …

Read More ...

How ISO 27001 and ISO 27799 complement each other in health organizations

More and more hospitals are interested in protecting their patient information, but they see ISO 27001 as not being specific enough. Although it covers many general aspects about information security, you can integrate it with other standards to cover specific aspects – for example, ISO 27799 for the protection of personal …

Read More ...

How to manage changes in an ISMS according to ISO 27001 A.12.1.2

Changes are necessary in the information technology sector, mainly because every so often it is necessary to update servers, systems, etc. But risks (seen from an information security point of view) arise when changes are performed in an uncontrolled way, i.e., confidentiality, integrity, and availability of systems, applications, information… could …

Read More ...

How to manage security in project management according to ISO 27001 A.6.1.5

Security in project management is a completely new thing in the 2013 revision of ISO 27001 – many people are wondering how to set it up, and whether their projects should be covered with this control at all. Read this article to find the answers… It is likely that you’ve heard …

Read More ...

How to use ISO 22301 for the implementation of business continuity in ISO 27001

One of the biggest mysteries in ISO 27001 implementation is the Annex A section A.17, which speaks about business continuity management. How does business continuity relate to information security, and why is it included in ISO 27001? Unfortunately, ISO 27001 does not provide much detail when it comes to business continuity. …

Read More ...

Qualifications for an ISO 27001 Internal Auditor

One of the requirements of ISO 27001:2013 is the realization of an internal audit, as set out in Section 9.2 of the standard. But, the question is: Who can perform this internal audit? We will find out in the following points. The ISO 27001:2013 standard does not set requirements that an …

Read More ...

How to implement ISO 27001 and ISO 20000 together

All management systems based on ISO standards have one thing in common: the known cycle of Deming or PDCA (Plan, Do, Check, and Act), which can make the integration of various ISO standards in an organization easier: ISO 9001, ISO 14001, ISO 27001, ISO 20000, ISO 22301, etc. I know …

Read More ...

8 Security Practices to Use in Your Employee Training and Awareness Program

This might be hard to believe, but it is true: 59% of data breaches are happening not because of some smart hacker who wants to do harm to your company; those breaches are happening because of your own employees. As I’ve argued in my article How a change in thinking …

Read More ...

How a change in thinking can stop 59% of security incidents

According to Experian 2015 Second Annual Data Breach Industry Forecast, the largest number of security incidents are happening because of human error and malicious insiders: “… the majority of data breaches originate inside company walls. Employees and negligence are the leading cause of security incidents but remain the least reported …

Read More ...

Small business guide to cyber security: 6 steps against the data breach

Lately we’ve seen many large companies getting hacked: Anthem, Sony, and Target to name just a few. The number of data breaches increased 27.5% in 2014, so measures against these types of security incidents are on the rise in large companies. How about small businesses? Do they really stand a …

Read More ...

2014 Data Breaches in the United States

Read More ...

ISO 27001 & ISO 22301
Free Downloads

 

Upcoming free webinar
Implementing Business Impact Analysis according to ISO 22301
Wednesday - March 29, 2017
Show posts:
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933