Which security clauses to use for supplier agreements?
Rhand Leal
Running a business on your own these days is practically impossible. Maintaining high levels of performance in every aspect of...
Running a business on your own these days is practically impossible. Maintaining high levels of performance in every aspect of your business to stay competitive means draining precious resources that would be better invested in...
Case study: ISO 27001 implementation in an IT system integrator company
Aleksandra Gakidova
For any major change in our lives, whether professional or personal, there are questions that come up before taking the...
For any major change in our lives, whether professional or personal, there are questions that come up before taking the first step. Here are just a few of the questions that you may face before...
How ISO 27001 can help suppliers comply with U.S. DFARS 7012
DFARS 7012 is an example of how customers’ concerns about protecting their information in the custody of suppliers and outsourced...
DFARS 7012 is an example of how customers’ concerns about protecting their information in the custody of suppliers and outsourced services has led to the establishment of ever more complex security requirements for those who...
How to demonstrate resource provision in ISO 27001
The availability of resources is a critical point in any endeavor. You can have the best ideas and the best...
The availability of resources is a critical point in any endeavor. You can have the best ideas and the best intentions, but if you lack resources you are doomed to failure. So, it may seem...
What to implement first: ISO 22301 or ISO 27001?
Wolfgang Mahr
Implementing ISO management system standards, even with the help of toolkits and consultants, may be a challenging task. In practice,...
Implementing ISO management system standards, even with the help of toolkits and consultants, may be a challenging task. In practice, sometimes it seems appropriate to enhance preparedness and protection in several areas of an organization,...
Should information security focus on asset protection, compliance, or corporate governance?
Dejan Kosutic
Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all,...
Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all, this is what the first (2005) revision of ISO 27001, and its predecessor BS 7799-2,...
Business Continuity Management vs. Information Security vs. IT Disaster Recovery
For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and...
For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and IT Disaster Recovery (IT DR). All three areas have something to do with “security,” “losses,”...
Aligning information security with the strategic direction of a company according to ISO 27001
There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term...
There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term “survival” of an Information Security Management System (ISMS) in a company: this is the requirement...
How to identify ISMS requirements of interested parties in ISO 27001
“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in...
“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in the movie Forrest Gump describes perfectly why many projects fail: lack of clear requirements. Definition...
How to integrate ISO 27001 controls into the system/software development life cycle (SDLC)
Updated: March 27, 2023, according to the ISO 27001 2022 revision. Information security is only as good as the processes...
Updated: March 27, 2023, according to the ISO 27001 2022 revision. Information security is only as good as the processes related to it, yet we find many organizations concerned only about whether security features exist...
How two-factor authentication enables compliance with ISO 27001 access controls
Access control is one of the cornerstones of security. If you cannot control who access what, you cannot ensure security...
Access control is one of the cornerstones of security. If you cannot control who access what, you cannot ensure security at all. Because of that, access control stays in the main focus of security teams...
Organizational resilience according to ISO 22316 – Is this another buzzword?
Both management systems standards on information security (ISO 27001) and business continuity (ISO 22301), while trying to encompass the whole...
Both management systems standards on information security (ISO 27001) and business continuity (ISO 22301), while trying to encompass the whole organization, still lack components and dimensions to holistically protect an enterprise. The concept of resilience...
What does ISO 27001 Lead Implementer training look like?
Nina Ugrinoska
The ISMS (Information Security Management System) plays a very important role in every business these days. Since implementation of the...
The ISMS (Information Security Management System) plays a very important role in every business these days. Since implementation of the ISMS can be a complex process (and usually differs in each industry sector), in order...
Segregation of duties in your ISMS according to ISO 27001 A.6.1.2
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and...
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and processes (e.g., stock exchange operators and air traffic controllers). While this is good to improve...
How can ISO 27001 help protect your company against ransomware?
Carla Bouca
Ransomware is a sophisticated malware that blocks users’ access to their files through the use of encryption. The attackers will...
Ransomware is a sophisticated malware that blocks users’ access to their files through the use of encryption. The attackers will ask for a ransom to unlock the infected computer. Although ransomware has been known as...
