Do you really need a consultant for ISO 27001 / BS 25999 implementation?
I’ve met quite a few companies considering how to start their ISO 27001 / BS 25999 project, with quite different...
I’ve met quite a few companies considering how to start their ISO 27001 / BS 25999 project, with quite different approaches – some are convinced they can do it completely on their own (with no...
What is cybersecurity and how can ISO 27001 help?
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but...
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but at least the general idea is pretty much the same. However, when it comes to...
How to deal with insider threats?
“Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this...
“Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this quite often when speaking to my clients about which security controls they should apply. And...
Cloud computing and ISO 27001 / BS 25999
More and more often people ask me how to deal with cloud computing in the context of ISO 27001 and...
More and more often people ask me how to deal with cloud computing in the context of ISO 27001 and BS 25999. My answer is: use common sense. Their dilemma is quite understandable – these...
Management’s view of information security
If you think your management doesn’t have a clue what information security is all about, keep in mind that misunderstanding...
If you think your management doesn’t have a clue what information security is all about, keep in mind that misunderstanding usually goes both ways: management often thinks you have no idea about what is appropriate...