How two-factor authentication enables compliance with ISO 27001 access controls
Rhand Leal
Access control is one of the cornerstones of security. If you cannot control who access what, you cannot ensure security...
Access control is one of the cornerstones of security. If you cannot control who access what, you cannot ensure security at all. Because of that, access control stays in the main focus of security teams...
Organizational resilience according to ISO 22316 – Is this another buzzword?
Wolfgang Mahr
Both management systems standards on information security (ISO 27001) and business continuity (ISO 22301), while trying to encompass the whole...
Both management systems standards on information security (ISO 27001) and business continuity (ISO 22301), while trying to encompass the whole organization, still lack components and dimensions to holistically protect an enterprise. The concept of resilience...
What does ISO 27001 Lead Implementer training look like?
Nina Ugrinoska
The ISMS (Information Security Management System) plays a very important role in every business these days. Since implementation of the...
The ISMS (Information Security Management System) plays a very important role in every business these days. Since implementation of the ISMS can be a complex process (and usually differs in each industry sector), in order...
Segregation of duties in your ISMS according to ISO 27001 A.6.1.2
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and...
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and processes (e.g., stock exchange operators and air traffic controllers). While this is good to improve...
How can ISO 27001 help protect your company against ransomware?
Carla Bouca
Ransomware is a sophisticated malware that blocks users’ access to their files through the use of encryption. The attackers will...
Ransomware is a sophisticated malware that blocks users’ access to their files through the use of encryption. The attackers will ask for a ransom to unlock the infected computer. Although ransomware has been known as...
Data Privacy Protection, ISO 27001 and CISPE Code of Conduct
With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data...
With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data of European citizens are rushing to adapt their operations to new requirements to avoid problems...
Does ISO 27001 implementation satisfy EU GDPR requirements?
Lately, I’ve been asked questions like: “If ISO 27001 is implemented in my organization, will it fully comply with European General...
Lately, I’ve been asked questions like: “If ISO 27001 is implemented in my organization, will it fully comply with European General Data Protection Regulation (EU GDPR) requirements?” and “Our company is ISO 27001 certified. Are we...
Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003
Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these...
Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information...
What does ISO 27001 Lead Auditor training look like?
Updated: August 20, 2023. In the last four years I’ve been preparing and presenting a lot of trainings for ISO...
Updated: August 20, 2023. In the last four years I’ve been preparing and presenting a lot of trainings for ISO 27001 Lead Auditor. At the end, participants understand that this is just the beginning of the...
Resolving cloud security concerns by defining clear responsibilities according to ISO 27017
Cloud solutions are attractive answers for those who look for cost savings and quick demand response infrastructure, and Internet searches...
Cloud solutions are attractive answers for those who look for cost savings and quick demand response infrastructure, and Internet searches can show you how these kinds of solutions are rapidly growing and being adopted by...
How to manage network security according to ISO 27001 A.13.1
As more and more people and organizations become interconnected, more and more information is exchanged, from that considered trivial and...
As more and more people and organizations become interconnected, more and more information is exchanged, from that considered trivial and disposable to that most sensitive and necessary for people’s lives and business survival. That’s why...
How to document roles and responsibilities according to ISO 27001
Dejan Kosutic
Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very...
Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me...
How ISO 27001 and ISO 27799 complement each other in health organizations
Antonio Jose Segovia
More and more hospitals are interested in protecting their patient information, but they see ISO 27001 as not being specific enough....
More and more hospitals are interested in protecting their patient information, but they see ISO 27001 as not being specific enough. Although it covers many general aspects about information security, you can integrate it with other...
What is the ISO 27001 Information Security Policy, and how can you write it yourself?
Update 2022-04-08. The content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001...
Update 2022-04-08. The content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001 – very often, the purpose of this document is misunderstood, and in many cases, people...
What is an Information Security Management System (ISMS)?
Updated: November 8, 2023. If you’re working with ISO 27001, you’ve surely came across the term “Information Security Management System”...
Updated: November 8, 2023. If you’re working with ISO 27001, you’ve surely came across the term “Information Security Management System” or ISMS. Pretty vague term, isn’t it? In the following article, we will give you...
How to use NIST SP 800-53 for the implementation of ISO 27001 controls
Update 2022-09-07. In my previous article, How to use the NIST SP800 series of standards for ISO 27001 implementation, I...
Update 2022-09-07. In my previous article, How to use the NIST SP800 series of standards for ISO 27001 implementation, I made a description about the NIST SP800 series (documents describing computer security practices, published by...
How to use the NIST SP800 series of standards for ISO 27001 implementation
Although ISO 27001, an international standard for information security management, provides control objectives and controls that cover a wide range of...
Although ISO 27001, an international standard for information security management, provides control objectives and controls that cover a wide range of security issues, they are not exhaustive. Thus, ISO 27001 clauses 6.1.3 b) and c) note...
How to implement equipment physical protection according to ISO 27001 A.11.2
Most of the companies today have physical equipment protection methods and controls to protect themselves from malicious software (viruses, trojans,...
Most of the companies today have physical equipment protection methods and controls to protect themselves from malicious software (viruses, trojans, etc.), to prevent employees from accessing malicious sites (filtering addresses through proxy servers), or to...
ISO 27001 vs. ITIL: Similarities and differences
IT services are one of the main pathways for information to flow through organizations, their clients and partners, and as...
IT services are one of the main pathways for information to flow through organizations, their clients and partners, and as legal and contractual requirements are increasingly including information protection demands (the healthcare industry is an...
What to look for when hiring a security professional
Besides proper procedures and technologies, counting on good professionals can make all the difference during implementation and operation of any...
Besides proper procedures and technologies, counting on good professionals can make all the difference during implementation and operation of any process or project. The “Apollo 13” movie shows what skilled men can do when procedures...
