Achieving continual improvement through the use of maturity models
Like any other ISO management system, ISO 27001 has a requirement for continual improvement (clause 10.2). It is like that because no process, no matter how well established and implemented, compliant with ISO standards or not,...
Special interest groups: A useful resource to support your ISMS
An Information Security Management System (ISMS) is only as good as its ability to keep up with the requirements of the business and provide adequate protection against the risks the organization is exposed to. To...
Qualifications for an ISO 27001 Internal Auditor
Updated: June 11, 2025. One of the requirements of ISO 27001 is the realization of an internal audit, as set out in Section 9.2 of the standard. But, the question is: Who can perform this...
Physical security in ISO 27001: How to protect the secure areas
Your information and IT assets aren’t located in the middle of nowhere. They need a roof, walls, doors, and adequate operating conditions. Just like human beings. Software has back doors (not always to be exploited...
8 Security Practices to Use in Your Employee Training and Awareness Program
This might be hard to believe, but it is true: 59% of data breaches are happening not because of some smart hacker who wants to do harm to your company; those breaches are happening because...
What Can War Teach Us About Mainframe Security?
The mainframe environment, or Big Iron, continues to grow at a rate of about 5% per year according to recent predictions. While experts have historically considered the Mainframe to be the safest environment from a...
How a change in thinking can stop 82% of data breaches
Updated: March 23, 2023, according to the ISO 27001 2022 revision. According to Experian 2023 Second Annual Data Breach Industry Forecast, the largest number of data security breaches are happening because of human error and...
Small business guide to cyber security: 6 steps against the data breach
Lately we’ve seen many large companies getting hacked: Anthem, Sony, and Target to name just a few. The number of data breaches increased 27.5% in 2014, so measures against these types of security incidents are...
Explanation of the basic terminology in ISO standards
Updated 2015-12-11 (Number of mandatory clauses). When I deliver various trainings for ISO 27001 and ISO 22301, it always turns out that one of the hottest topics is about which policies and procedures need to be...
Who should be your project manager for ISO 27001/ISO 22301?
If you’re planning to start your ISO 27001 and/or ISO 22301 project, you’re probably wondering who could lead such a complex project – what type of person do you need, with which authorities, and should...