ISO 27001 in the banking industry: “One standard to rule them all”
Tom van der Stoop
Why should banks go with ISO 27001? If you know the “Lord of the Rings” saga, the headline of this...
Why should banks go with ISO 27001? If you know the “Lord of the Rings” saga, the headline of this article probably sounds familiar. “One ring to rule them all” refers to the magic ring...
A success story about implementation of ISO 27001 and 9001: How online platform Doccle did it
Marja Colak
Is it possible for a SaaS company to implement ISO standards, and how and why should SaaS companies get certified?...
Is it possible for a SaaS company to implement ISO standards, and how and why should SaaS companies get certified? On your way to success, this is an important step, and this is just what...
How ISO 27001 can help suppliers comply with U.S. DFARS 7012
Rhand Leal
DFARS 7012 is an example of how customers’ concerns about protecting their information in the custody of suppliers and outsourced...
DFARS 7012 is an example of how customers’ concerns about protecting their information in the custody of suppliers and outsourced services has led to the establishment of ever more complex security requirements for those who...
Business Continuity Management vs. Information Security vs. IT Disaster Recovery
Wolfgang Mahr
For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and...
For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and IT Disaster Recovery (IT DR). All three areas have something to do with “security,” “losses,”...
Where does information security fit into a company?
Dejan Kosutic
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate...
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who...
Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003
Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these...
Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information...
Resolving cloud security concerns by defining clear responsibilities according to ISO 27017
Cloud solutions are attractive answers for those who look for cost savings and quick demand response infrastructure, and Internet searches...
Cloud solutions are attractive answers for those who look for cost savings and quick demand response infrastructure, and Internet searches can show you how these kinds of solutions are rapidly growing and being adopted by...
How ISO 27001 and ISO 27799 complement each other in health organizations
Antonio Jose Segovia
More and more hospitals are interested in protecting their patient information, but they see ISO 27001 as not being specific enough....
More and more hospitals are interested in protecting their patient information, but they see ISO 27001 as not being specific enough. Although it covers many general aspects about information security, you can integrate it with other...
How to manage changes in an ISMS according to ISO 27001 A.12.1.2
Changes are necessary in the information technology sector, mainly because every so often it is necessary to update servers, systems,...
Changes are necessary in the information technology sector, mainly because every so often it is necessary to update servers, systems, etc. But risks (seen from an information security point of view) arise when changes are...
How to manage security in project management according to ISO 27001 A.5.8
Updated: March 28, 2023, according to the ISO 27001 2022 revision. Security in project management is an important part of...
Updated: March 28, 2023, according to the ISO 27001 2022 revision. Security in project management is an important part of ISO 27001 – many people are wondering how to set it up, and whether their projects...
How to use ISO 22301 for the implementation of business continuity in ISO 27001
One of the biggest mysteries in ISO 27001 implementation is the Annex A section A.17, which speaks about business continuity management....
One of the biggest mysteries in ISO 27001 implementation is the Annex A section A.17, which speaks about business continuity management. How does business continuity relate to information security, and why is it included in ISO...
Qualifications for an ISO 27001 Internal Auditor
One of the requirements of ISO 27001 is the realization of an internal audit, as set out in Section 9.2 of...
One of the requirements of ISO 27001 is the realization of an internal audit, as set out in Section 9.2 of the standard. But, the question is: Who can perform this internal audit? We will find...
How to implement ISO 27001 and ISO 20000 together
All management systems based on ISO standards have one thing in common: the known cycle of Deming or PDCA (Plan,...
All management systems based on ISO standards have one thing in common: the known cycle of Deming or PDCA (Plan, Do, Check, and Act), which can make the integration of various ISO standards in an...
8 Security Practices to Use in Your Employee Training and Awareness Program
This might be hard to believe, but it is true: 59% of data breaches are happening not because of some...
This might be hard to believe, but it is true: 59% of data breaches are happening not because of some smart hacker who wants to do harm to your company; those breaches are happening because...
How a change in thinking can stop 82% of data breaches
Updated: March 23, 2023, according to the ISO 27001 2022 revision. According to Experian 2023 Second Annual Data Breach Industry...
Updated: March 23, 2023, according to the ISO 27001 2022 revision. According to Experian 2023 Second Annual Data Breach Industry Forecast, the largest number of data security breaches are happening because of human error and...
Small business guide to cyber security: 6 steps against the data breach
Lately we’ve seen many large companies getting hacked: Anthem, Sony, and Target to name just a few. The number of...
Lately we’ve seen many large companies getting hacked: Anthem, Sony, and Target to name just a few. The number of data breaches increased 27.5% in 2014, so measures against these types of security incidents are...
Top 10 information security bloggers in 2014
If you want to stay on top of cybersecurity / information security news and insights, here are the blogs that...
If you want to stay on top of cybersecurity / information security news and insights, here are the blogs that I found the most useful. I listed here only the blogs written by independent authors...
Will a piece of paper stop the attackers?
There are many skeptics who do not believe ISO 27001 can help protect their information and/or information systems; one of...
There are many skeptics who do not believe ISO 27001 can help protect their information and/or information systems; one of their main arguments is: “Writing a policy or a procedure surely won’t help against someone...
The most popular ISO 27001 & ISO 22301 blog posts
This is my 100th blog post! When I started this blog four years ago, I never dreamed I would have...
This is my 100th blog post! When I started this blog four years ago, I never dreamed I would have that many things to write about… And yet, the more I write, the more ideas...
