ISO 27001 Case study for data centers: An interview with Goran Djoreski
Dejan Kosutic
DK: More than a year and a half has passed since you were certified by ISO 27001 – what are...
DK: More than a year and a half has passed since you were certified by ISO 27001 – what are your impressions? Was it really worth it? GD: It was definitely worth it, since it...
How to address main concerns with ISO 27001 implementation
Last week I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send...
Last week I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send me their top concerns regarding ISO 27001 implementation before those webinars. I’ve summarized most common...
Cybersecurity Executive Order confirms how crucial information security is for critical infrastructure
For a long time a debate has been going on regarding whether information security/cybersecurity has something to do with critical...
For a long time a debate has been going on regarding whether information security/cybersecurity has something to do with critical infrastructure, and if yes, how important cybersecurity is for critical infrastructure. This dilemma is definitely...
Top management perspective of information security implementation
I guess many information security specialists make one fatal mistake when speaking to their management: they assume their executives understand...
I guess many information security specialists make one fatal mistake when speaking to their management: they assume their executives understand the basics of information security. (Unfortunately, sometimes I’m not an exception to that rule, either.)...
4 reasons why ISO 27001 is useful for techies
Very often when I start ISO 27001 consulting job in a company I hear complaints from system administrators, IT managers,...
Very often when I start ISO 27001 consulting job in a company I hear complaints from system administrators, IT managers, and other IT staff like, “Oh no, now we’re going to get swamped with a...
Chief Information Security Officer (CISO) – where does he belong in an org chart?
Companies that start implementing an information security program, or specifically ISO 27001, very soon realize that they cannot do it...
Companies that start implementing an information security program, or specifically ISO 27001, very soon realize that they cannot do it without a person who would coordinate and manage such activities. But then they face the...
Top 10 information security blogs
There is a huge amount of information about information security on the Internet, so it is really difficult to stay...
There is a huge amount of information about information security on the Internet, so it is really difficult to stay informed about really relevant stuff. This is why I made this list – I wanted...
ISO 27001 control objectives – Why are they important?
Note: this article was updated according the 2013 version of ISO 27001 Peter Drucker (one of the most influential thinkers...
Note: this article was updated according the 2013 version of ISO 27001 Peter Drucker (one of the most influential thinkers on the subject of management theory) said “What gets measured gets managed”. The same goes...
What is cybersecurity and how can ISO 27001 help?
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but...
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but at least the general idea is pretty much the same. However, when it comes to...
How to deal with insider threats?
“Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this...
“Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this quite often when speaking to my clients about which security controls they should apply. And...
