NIST Cybersecurity Framework or ISO 27001 – Which is the better choice for your company?
On February 12, 2014, the National Institute of Standards and Technology (NIST) published Framework for Improving Critical Infrastructure Cybersecurity, commonly...
On February 12, 2014, the National Institute of Standards and Technology (NIST) published Framework for Improving Critical Infrastructure Cybersecurity, commonly known as Cybersecurity Framework. If you already came across ISO 27001, you’re probably wondering: What...
Is the ISO 27001 Manual really necessary?
Updated: January 20, 2025, according to the ISO 27001:2022 revision. Sometimes I receive questions on whether the ISO 27001 Manual...
Updated: January 20, 2025, according to the ISO 27001:2022 revision. Sometimes I receive questions on whether the ISO 27001 Manual is required by the standard, and how to write it. I even lost some potential...
What is the ISO 27000 series?
Updated: November 16, 2023. If you are working as an ISO 27001 consultant or practitioner, you are probably heavily dependent...
Updated: November 16, 2023. If you are working as an ISO 27001 consultant or practitioner, you are probably heavily dependent on the ISO/IEC 27000-series of standards. Since there are quite a lot of them (see...
ISO 27001 Case study for data centers: An interview with Goran Djoreski
DK: More than a year and a half has passed since you were certified by ISO 27001 – what are...
DK: More than a year and a half has passed since you were certified by ISO 27001 – what are your impressions? Was it really worth it? GD: It was definitely worth it, since it...
How to address main concerns with ISO 27001 implementation
Last week I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send...
Last week I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send me their top concerns regarding ISO 27001 implementation before those webinars. I’ve summarized most common...
Is ISO 27001 among the top ISO standards?
Do you know which ISO standards are the most popular? And whether ISO 27001 is among the most popular? There...
Do you know which ISO standards are the most popular? And whether ISO 27001 is among the most popular? There is both good and bad news for information security enthusiasts – ISO 27001 really is...
One Information Security Policy, or several policies?
Very often I see questions on various forums on how to develop an Information Security Policy. Quite frankly, I don’t...
Very often I see questions on various forums on how to develop an Information Security Policy. Quite frankly, I don’t think it is a good idea to stuff all the security rules into a single...
5 criteria for choosing an ISO 22301 / ISO 27001 consultant
If you’re implementing ISO 27001 or ISO 22301 for the first time, you’re probably considering hiring a consultant to help...
If you’re implementing ISO 27001 or ISO 22301 for the first time, you’re probably considering hiring a consultant to help you. But, which consultant should you hire, what are the potential problems, and how much...
A first look at the new ISO 27001
Update 2013-09-25: This blog post was updated according to the final version of ISO 27001:2013 that was published on September...
Update 2013-09-25: This blog post was updated according to the final version of ISO 27001:2013 that was published on September 25, 2013. When I heard the news that the DIS (draft) version of ISO 27001:2013...
ISO 27000 series – What to expect in 2013?
Believe it or not, there are more than 30 standards in the ISO 27k series. And, to make things worse,...
Believe it or not, there are more than 30 standards in the ISO 27k series. And, to make things worse, they are constantly changing because information security theory and best practice are continuously evolving. Here’s...
4 reasons why ISO 27001 is useful for techies
Very often when I start ISO 27001 consulting job in a company I hear complaints from system administrators, IT managers,...
Very often when I start ISO 27001 consulting job in a company I hear complaints from system administrators, IT managers, and other IT staff like, “Oh no, now we’re going to get swamped with a...
5 ways to avoid overhead with ISO 27001 (and keep the costs down)
There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of...
There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of money for something we’re not sure is worth it; and (2) the annoyance of maintaining...
The documentation myth – Why the templates are not enough?
I noticed that many people running ISO 27001 projects who have downloaded documentation templates think “I have the templates now...
I noticed that many people running ISO 27001 projects who have downloaded documentation templates think “I have the templates now – the rest is easy. I’ll write a few documents, show them to auditor, and...
ISO 27001 control objectives – Why are they important?
Note: this article was updated according the 2013 version of ISO 27001 Peter Drucker (one of the most influential thinkers...
Note: this article was updated according the 2013 version of ISO 27001 Peter Drucker (one of the most influential thinkers on the subject of management theory) said “What gets measured gets managed”. The same goes...
Lessons learned from ISO 27001 implementation
Many readers of this blog asked me to present a real-life experience of ISO 27001 implementation in a company. Since...
Many readers of this blog asked me to present a real-life experience of ISO 27001 implementation in a company. Since I would be too subjective if I started writing my own impressions, I decided to...