Implementing restrictions on software installation using ISO 27001 control A.12.6.2
Antonio Jose Segovia
Currently, in all companies around the world, it is necessary to install software (operating systems, office applications, financial applications, applications...
Currently, in all companies around the world, it is necessary to install software (operating systems, office applications, financial applications, applications development, etc.). But, in general, the installation of this software is not sufficiently controlled, which...
Key performance indicators for an ISO 27001 ISMS
Rhand Leal
Think about a medical exam. Our objective is for the physician to tell us that our health is ok and...
Think about a medical exam. Our objective is for the physician to tell us that our health is ok and that we’ll live a long life, right? And how does the physician evaluate our health...
How to protect against external and environmental threats according to ISO 27001 A.11.1.4
Physical security plays a critical role in information protection, because even the best designed, implemented, and maintained technical and administrative...
Physical security plays a critical role in information protection, because even the best designed, implemented, and maintained technical and administrative controls, whether IT related or from some other area, are of little help if an...
How to use penetration testing for ISO 27001 A.12.6.1
A famous historical hacker, Kevin Mitnick, said on one occasion: “I get hired by companies to hack into their systems...
A famous historical hacker, Kevin Mitnick, said on one occasion: “I get hired by companies to hack into their systems and break into their physical facilities to find security holes. Our success rate is 100%;...
How to set security requirements and test systems according to ISO 27001
Security is something that everyone wants to have, but which no one ever wants to use. And this thought can...
Security is something that everyone wants to have, but which no one ever wants to use. And this thought can bring a lot of problems. Unless a system’s purpose is security related (e.g., firewall, access...
How to use cryptography according to ISO 27001 control A.8.24
Updated: December 28, 2022., according to the ISO 27001:2022 revision. Today, information travels constantly from one part of the world to...
Updated: December 28, 2022., according to the ISO 27001:2022 revision. Today, information travels constantly from one part of the world to another through email, online transactions, USB flash drives, and external hard drives. Outside the facilities...
Media & equipment disposal – what is it and how to do it in line with ISO 27001
Update 2022-4-26. Today, hard drive and other media devices are less common than they were some years ago, because the...
Update 2022-4-26. Today, hard drive and other media devices are less common than they were some years ago, because the current trend is to use the cloud, although there are still a lot of people...
ISO 27001 vs. ISO 27017 – Information security controls for cloud services
Dejan Kosutic
The future of ISO 27017, together with ISO 27018, seems quite bright: they define security standards for today’s fastest-growing industry...
The future of ISO 27017, together with ISO 27018, seems quite bright: they define security standards for today’s fastest-growing industry – cloud computing. This topic is so big and so hot, that these two standards...
Logging according to ISO 27001 A.8.15
Updated: January 21, 2023, according to ISO 27001:2022 revision. It’s easy in “peaceful” times, but when security incidents arise –...
Updated: January 21, 2023, according to ISO 27001:2022 revision. It’s easy in “peaceful” times, but when security incidents arise – you need to start from somewhere. And you need to start by finding out what...
ISO 27018 – Standard for protecting privacy in the cloud
Update 2022-04-25. If your company is delivering services in the cloud, you probably have more and more customers asking you...
Update 2022-04-25. If your company is delivering services in the cloud, you probably have more and more customers asking you how their personal data is protected. ISO 27001 is certainly a good way to do it;...
Using ITIL to implement ISO 27001 incident management
Incident management is one of the key processes to ensure the effectiveness of any business operation. With more or less...
Incident management is one of the key processes to ensure the effectiveness of any business operation. With more or less sophistication and maturity, practically any organization has practices in place to deal with undesired events,...
How to implement network segregation according to ISO 27001 control A.13.1.3
Update 2022-09-06. Think about a house, or office, with only one big space where you can arrange all your loved...
Update 2022-09-06. Think about a house, or office, with only one big space where you can arrange all your loved and precious things the way you think most appropriate. Tempting, isn’t it? The flexibility to...
How to handle incidents according to ISO 27001 A.16
One of the issues that most concern managers of an organization is that their employees (although employees are not the...
One of the issues that most concern managers of an organization is that their employees (although employees are not the only source of incidents, but also clients, providers, etc.) be able to work without any...
ISO 27001 project management: Implementing complex security controls using Work Breakdown Structure (WBS)
What do diverse situations like the Battle of Trafalgar (1805), the Cooley–Tukey FFT algorithm (1965), and the multi-sided market competition...
What do diverse situations like the Battle of Trafalgar (1805), the Cooley–Tukey FFT algorithm (1965), and the multi-sided market competition have in common? They are all examples of big or complex problems divided into smaller...
How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1
You have certainly already heard, or lived, this scenario: it is a normal day and the systems are working fine,...
You have certainly already heard, or lived, this scenario: it is a normal day and the systems are working fine, when suddenly they slow down for no apparent reason or simply stop. User support starts...
3 phases of delivering an ISO 27001/ISO 22301 consulting job
If you’re an independent consultant at the beginning of your career, you’re probably wondering how to perform your first consulting...
If you’re an independent consultant at the beginning of your career, you’re probably wondering how to perform your first consulting job for ISO 27001 or ISO 22301 implementation. But, don’t worry – here’s what you need...
Understanding IT disaster recovery according to ISO 27031
Rashpal Singh
Last updated on March 11, 2022. Disaster recovery is the ability of an organization to respond to and recover from...
Last updated on March 11, 2022. Disaster recovery is the ability of an organization to respond to and recover from an event that negatively impacts its operations. Disaster recovery methods enable an organization to quickly...
How to manage changes in an ISMS according to ISO 27001 A.12.1.2
Changes are necessary in the information technology sector, mainly because every so often it is necessary to update servers, systems,...
Changes are necessary in the information technology sector, mainly because every so often it is necessary to update servers, systems, etc. But risks (seen from an information security point of view) arise when changes are...
What is a BYOD policy, and how can you easily write one using ISO 27001 controls?
One would expect that ISO 27001, the leading information security standard, would have strict requirements regarding BYOD. However, you would...
One would expect that ISO 27001, the leading information security standard, would have strict requirements regarding BYOD. However, you would be surprised – such requirements do not exist, and what’s more, BYOD is ever mentioned...
ISO 27032 – What is it, and how does it differ from ISO 27001?
There are many standards in the ISO 27001 series, all related to security. You probably don’t know much about ISO...
There are many standards in the ISO 27001 series, all related to security. You probably don’t know much about ISO 27032:2012 because it is not as well-known as ISO 27001, ISO 27002, or ISO 22301,...
