Implementing restrictions on software installation using ISO 27001 control A.12.6.2
Currently, in all companies around the world, it is necessary to install software (operating systems, office applications, financial applications, applications development, etc.). But, in general, the installation of this software is not sufficiently controlled, which...
Key performance indicators for an ISO 27001 ISMS
Think about a medical exam. Our objective is for the physician to tell us that our health is ok and that we’ll live a long life, right? And how does the physician evaluate our health...
How to protect against external and environmental threats according to ISO 27001 A.11.1.4
Physical security plays a critical role in information protection, because even the best designed, implemented, and maintained technical and administrative controls, whether IT related or from some other area, are of little help if an...
How to use penetration testing for ISO 27001 A.12.6.1
A famous historical hacker, Kevin Mitnick, said on one occasion: “I get hired by companies to hack into their systems and break into their physical facilities to find security holes. Our success rate is 100%;...
How to set security requirements and test systems according to ISO 27001
Security is something that everyone wants to have, but which no one ever wants to use. And this thought can bring a lot of problems. Unless a system’s purpose is security related (e.g., firewall, access...
How to use cryptography according to ISO 27001 control A.8.24
Updated: December 28, 2022, according to the ISO 27001:2022 revision. Today, information travels constantly from one part of the world to another through email, online transactions, USB flash drives, and external hard drives. Outside the facilities...
Media & equipment disposal – what is it and how to do it in line with ISO 27001
Update 2022-4-26. Today, hard drives and other media devices are less common than they were some years ago, because the current trend is to use the cloud, although there are still a lot of people...
ISO 27001 vs. ISO 27017 – Information security controls for cloud services
The future of ISO 27017, together with ISO 27018, seems quite bright: they define security standards for today’s fastest-growing industry – cloud computing. This topic is so big and so hot, that these two standards...
Logging according to ISO 27001 A.8.15
Updated: January 21, 2023, according to ISO 27001:2022 revision. It’s easy in “peaceful” times, but when security incidents arise – you need to start from somewhere. And you need to start by finding out what...
ISO 27018 – Standard for protecting privacy in the cloud
Update 2022-04-25. If your company is delivering services in the cloud, you probably have more and more customers asking you how their personal data is protected. ISO 27001 is certainly a good way to do it;...
Using ITIL to implement ISO 27001 incident management
Incident management is one of the key processes to ensure the effectiveness of any business operation. With more or less sophistication and maturity, practically any organization has practices in place to deal with undesired events,...
How to implement network segregation according to ISO 27001 control A.13.1.3
Update 2022-09-06. Think about a house, or office, with only one big space where you can arrange all your loved and precious things the way you think most appropriate. Tempting, isn’t it? The flexibility to...
How to handle incidents according to ISO 27001 A.16
One of the issues that most concern managers of an organization is that their employees (although employees are not the only source of incidents, but also clients, providers, etc.) be able to work without any...
ISO 27001 project management: Implementing complex security controls using Work Breakdown Structure (WBS)
What do diverse situations like the Battle of Trafalgar (1805), the Cooley–Tukey FFT algorithm (1965), and the multi-sided market competition have in common? They are all examples of big or complex problems divided into smaller...
How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1
You have certainly already heard, or lived, this scenario: it is a normal day and the systems are working fine, when suddenly they slow down for no apparent reason or simply stop. User support starts...