Do you really need a consultant for ISO 27001 / BS 25999 implementation?
Dejan Kosutic
I’ve met quite a few companies considering how to start their ISO 27001 / BS 25999 project, with quite different...
I’ve met quite a few companies considering how to start their ISO 27001 / BS 25999 project, with quite different approaches – some are convinced they can do it completely on their own (with no...
What is cybersecurity and how can ISO 27001 help?
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but...
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but at least the general idea is pretty much the same. However, when it comes to...
How to deal with insider threats?
“Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this...
“Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this quite often when speaking to my clients about which security controls they should apply. And...
Cloud computing and ISO 27001 / BS 25999
More and more often people ask me how to deal with cloud computing in the context of ISO 27001 and...
More and more often people ask me how to deal with cloud computing in the context of ISO 27001 and BS 25999. My answer is: use common sense. Their dilemma is quite understandable – these...
Management’s view of information security
If you think your management doesn’t have a clue what information security is all about, keep in mind that misunderstanding...
If you think your management doesn’t have a clue what information security is all about, keep in mind that misunderstanding usually goes both ways: management often thinks you have no idea about what is appropriate...
Does ISO 27001 mean that information is 100% secure?
You have probably heard that important web services like Reddit, HootSuite, Quora, Foursquare etc. have recently suffered a quite lengthy...
You have probably heard that important web services like Reddit, HootSuite, Quora, Foursquare etc. have recently suffered a quite lengthy outage – what you also probably know is that this outage was caused by Amazon...
The biggest shortcomings of ISO 27001
If you’ve been reading my blog, you probably think I’m convinced ISO 27001 is the most perfect document ever written....
If you’ve been reading my blog, you probably think I’m convinced ISO 27001 is the most perfect document ever written. Actually, that’s not true – working with my clients and teaching on the subject, usually...
5 greatest myths about ISO 27001
Very often I hear things about ISO 27001 and I don’t know whether to laugh or cry over them. Actually...
Very often I hear things about ISO 27001 and I don’t know whether to laugh or cry over them. Actually it is funny how people tend to make decisions about something they know very little...
Lessons learned from WikiLeaks: What is exactly information security?
Nowadays WikiLeaks is a hot story for a good reason – it is not very common for confidential documents of...
Nowadays WikiLeaks is a hot story for a good reason – it is not very common for confidential documents of the world’s most powerful government to be published on the Internet. And some of these...
How to learn about ISO 27001 and BS 25999-2
Training is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are...
Training is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are more and more types of courses available, I’ll try to explain their benefits and the...
Problems with defining the scope in ISO 27001
You probably knew that the first step in ISO 27001 implementation is defining the scope. What you probably didn’t know...
You probably knew that the first step in ISO 27001 implementation is defining the scope. What you probably didn’t know is that this step, although simple at first glance, can sometimes cause you quite a...
Information security policy – how detailed should it be?
Quite often I see information security policies written in too much detail, trying to cover everything from strategic objectives to...
Quite often I see information security policies written in too much detail, trying to cover everything from strategic objectives to how many numerical digits a password should contain. The only problem with such policies is...
Dilemmas with ISO 27001 & BS 25999-2 internal auditors
If this is the first time you have come across the notion of internal auditor, you are probably puzzled –...
If this is the first time you have come across the notion of internal auditor, you are probably puzzled – Why would I need another control? Who is going to pay for it? Who should...
Information security or IT security?
Update 2014-08-11: The number of controls was updated according to 2013 revision of ISO 27001. One would think that these...
Update 2014-08-11: The number of controls was updated according to 2013 revision of ISO 27001. One would think that these two terms are synonyms – after all, isn’t information security all about computers? Not really....
Main obstacles to the implementation of ISO 27001
You have this great idea that ISO 27001 will help you achieve compliance, attract new customers, decrease cost of incidents,...
You have this great idea that ISO 27001 will help you achieve compliance, attract new customers, decrease cost of incidents, and streamline your core IT processes? The idea is nice, but when it comes to...
