ISO 27001 Case study for data centers: An interview with Goran Djoreski
Dejan Kosutic
DK: More than a year and a half has passed since you were certified by ISO 27001 – what are...
DK: More than a year and a half has passed since you were certified by ISO 27001 – what are your impressions? Was it really worth it? GD: It was definitely worth it, since it...
How to address main concerns with ISO 27001 implementation
Last week I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send...
Last week I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send me their top concerns regarding ISO 27001 implementation before those webinars. I’ve summarized most common...
Cybersecurity Executive Order confirms how crucial information security is for critical infrastructure
For a long time a debate has been going on regarding whether information security/cybersecurity has something to do with critical...
For a long time a debate has been going on regarding whether information security/cybersecurity has something to do with critical infrastructure, and if yes, how important cybersecurity is for critical infrastructure. This dilemma is definitely...
Top management perspective of information security implementation
I guess many information security specialists make one fatal mistake when speaking to their management: they assume their executives understand...
I guess many information security specialists make one fatal mistake when speaking to their management: they assume their executives understand the basics of information security. (Unfortunately, sometimes I’m not an exception to that rule, either.)...
4 reasons why ISO 27001 is useful for techies
Very often when I start ISO 27001 consulting job in a company I hear complaints from system administrators, IT managers,...
Very often when I start ISO 27001 consulting job in a company I hear complaints from system administrators, IT managers, and other IT staff like, “Oh no, now we’re going to get swamped with a...
Chief Information Security Officer (CISO) – where does he belong in an org chart?
Companies that start implementing an information security program, or specifically ISO 27001, very soon realize that they cannot do it...
Companies that start implementing an information security program, or specifically ISO 27001, very soon realize that they cannot do it without a person who would coordinate and manage such activities. But then they face the...
Top 10 information security blogs
There is a huge amount of information about information security on the Internet, so it is really difficult to stay...
There is a huge amount of information about information security on the Internet, so it is really difficult to stay informed about really relevant stuff. This is why I made this list – I wanted...
ISO 27001 control objectives – Why are they important?
Note: this article was updated according the 2013 version of ISO 27001 Peter Drucker (one of the most influential thinkers...
Note: this article was updated according the 2013 version of ISO 27001 Peter Drucker (one of the most influential thinkers on the subject of management theory) said “What gets measured gets managed”. The same goes...
What is cybersecurity and how can ISO 27001 help?
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but...
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but at least the general idea is pretty much the same. However, when it comes to...
How to deal with insider threats?
“Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this...
“Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this quite often when speaking to my clients about which security controls they should apply. And...
Is it possible to calculate the Return on Security Investment (ROSI)?
If you are an information security or business continuity professional, then you’re probably aware of the most difficult part of...
If you are an information security or business continuity professional, then you’re probably aware of the most difficult part of your job: to convince your management that investment in information security/business continuity makes sense. Traditionally,...
Management’s view of information security
If you think your management doesn’t have a clue what information security is all about, keep in mind that misunderstanding...
If you think your management doesn’t have a clue what information security is all about, keep in mind that misunderstanding usually goes both ways: management often thinks you have no idea about what is appropriate...
Lessons learned from WikiLeaks: What is exactly information security?
Nowadays WikiLeaks is a hot story for a good reason – it is not very common for confidential documents of...
Nowadays WikiLeaks is a hot story for a good reason – it is not very common for confidential documents of the world’s most powerful government to be published on the Internet. And some of these...
Information security or IT security?
Update 2014-08-11: The number of controls was updated according to 2013 revision of ISO 27001. One would think that these...
Update 2014-08-11: The number of controls was updated according to 2013 revision of ISO 27001. One would think that these two terms are synonyms – after all, isn’t information security all about computers? Not really....
The basic logic of ISO 27001: How does information security work?
Updated: December 20, 2022., according to ISO 27001:2022 revision. When speaking with someone new to ISO 27001, very often I encounter...
Updated: December 20, 2022., according to ISO 27001:2022 revision. When speaking with someone new to ISO 27001, very often I encounter the same problem: this person thinks the standard will describe in detail everything they need...
