What to consider in security terms and conditions for employees according to ISO 27001
Rhand Leal
A good way to ensure that people are aware of their roles and responsibilities in an organization is by defining...
A good way to ensure that people are aware of their roles and responsibilities in an organization is by defining policies and procedures to be followed. But this solution has a limitation: they only cover...
How to use Open Web Application Security Project (OWASP) for ISO 27001?
Antonio Jose Segovia
Essentially, OWASP (Open Web Application Security Project) is an online community developing international open projects related to Web Application Security....
Essentially, OWASP (Open Web Application Security Project) is an online community developing international open projects related to Web Application Security. Mainly, it was created to develop secure web applications. Most of these projects have documents,...
How to perform background checks according to ISO 27001
Update 2022-03-16. “The human factor is the weakest link in the security.” How many times have we already heard this...
Update 2022-03-16. “The human factor is the weakest link in the security.” How many times have we already heard this sentence? How many stories have we already heard about security incidents caused by human failure...
Can ISO 27001 help your organization in a DDoS attack?
In a connected world where hundreds of transactions are made every minute, every second your systems are down or inaccessible...
In a connected world where hundreds of transactions are made every minute, every second your systems are down or inaccessible may represent a significant impact on your organizations’ business. And, while prevention of infrastructure failures...
How can ISO 27001 help you comply with SOX section 404
A number of high-profile corporate and accounting scandals collapsed several big players like Enron and WorldCom, and played havoc on...
A number of high-profile corporate and accounting scandals collapsed several big players like Enron and WorldCom, and played havoc on global investment market. In the wake of these scandals, U.S. SOX law was introduced to...
Organizational Resilience – Positioning Against ISO 22301-Based Business Continuity
Wolfgang Mahr
Approaches and methods to successfully and sustainably run businesses are being rapidly developed. Recently, the term of Organizational Resilience was...
Approaches and methods to successfully and sustainably run businesses are being rapidly developed. Recently, the term of Organizational Resilience was interpreted as being the new expression for the term Business Continuity. According to industry sources,...
European 2017 Revision of ISO/IEC 27001: What has changed?
Released at the beginning of April 2017 by BSI (the British Standards Institution), the standard BS EN ISO/IEC 27001:2017 is...
Released at the beginning of April 2017 by BSI (the British Standards Institution), the standard BS EN ISO/IEC 27001:2017 is a corrigendum over previous standard BS ISO/IEC 27001:2013. It has raised some concern among organizations...
How to perform an ISO 27001 second-party audit of an outsourced supplier
To focus on their core business, many organizations rely on outsourced suppliers to perform support processes. While this approach may...
To focus on their core business, many organizations rely on outsourced suppliers to perform support processes. While this approach may bring benefits like costs savings, and access to expert knowledge and state-of-the-art technology, it can...
ISO 27001 vs. Cyber Essentials: Similarities and differences
In the Internet environment, big, medium, and small businesses all face similar risks, and many regulatory demands enforce information protection,...
In the Internet environment, big, medium, and small businesses all face similar risks, and many regulatory demands enforce information protection, but differences in resources and knowledge often result in data breaches because of the failure...
How to gain employee buy-in when implementing cybersecurity according to ISO 27001
Hannah Churchman
In the majority of organizations, change is embraced by senior management, but feared by employees. In the case of implementing...
In the majority of organizations, change is embraced by senior management, but feared by employees. In the case of implementing ISO 27001, a committed senior management team (SMT) can understand clearly the benefits that an...
Which security clauses to use for supplier agreements?
Running a business on your own these days is practically impossible. Maintaining high levels of performance in every aspect of...
Running a business on your own these days is practically impossible. Maintaining high levels of performance in every aspect of your business to stay competitive means draining precious resources that would be better invested in...
Case study: ISO 27001 implementation in an IT system integrator company
Aleksandra Gakidova
For any major change in our lives, whether professional or personal, there are questions that come up before taking the...
For any major change in our lives, whether professional or personal, there are questions that come up before taking the first step. Here are just a few of the questions that you may face before...
How ISO 27001 can help suppliers comply with U.S. DFARS 7012
DFARS 7012 is an example of how customers’ concerns about protecting their information in the custody of suppliers and outsourced...
DFARS 7012 is an example of how customers’ concerns about protecting their information in the custody of suppliers and outsourced services has led to the establishment of ever more complex security requirements for those who...
How to demonstrate resource provision in ISO 27001
The availability of resources is a critical point in any endeavor. You can have the best ideas and the best...
The availability of resources is a critical point in any endeavor. You can have the best ideas and the best intentions, but if you lack resources you are doomed to failure. So, it may seem...
What to implement first: ISO 22301 or ISO 27001?
Implementing ISO management system standards, even with the help of toolkits and consultants, may be a challenging task. In practice,...
Implementing ISO management system standards, even with the help of toolkits and consultants, may be a challenging task. In practice, sometimes it seems appropriate to enhance preparedness and protection in several areas of an organization,...
Should information security focus on asset protection, compliance, or corporate governance?
Dejan Kosutic
Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all,...
Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all, this is what the first (2005) revision of ISO 27001, and its predecessor BS 7799-2,...
Business Continuity Management vs. Information Security vs. IT Disaster Recovery
For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and...
For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and IT Disaster Recovery (IT DR). All three areas have something to do with “security,” “losses,”...
Aligning information security with the strategic direction of a company according to ISO 27001
There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term...
There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term “survival” of an Information Security Management System (ISMS) in a company: this is the requirement...
How to identify ISMS requirements of interested parties in ISO 27001
“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in...
“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in the movie Forrest Gump describes perfectly why many projects fail: lack of clear requirements. Definition...
How to integrate ISO 27001 controls into the system/software development life cycle (SDLC)
Updated: March 27, 2023, according to the ISO 27001 2022 revision. Information security is only as good as the processes...
Updated: March 27, 2023, according to the ISO 27001 2022 revision. Information security is only as good as the processes related to it, yet we find many organizations concerned only about whether security features exist...
