Show me desktop version
CALL US +1 (646) 759 9933

The ISO 27001 & ISO 22301 Blog

How to manage the security of network services according to ISO 27001 A.13.1.2

Everybody knows that information is stored in information systems (workstations, laptops, smartphones, etc.), but to exchange the information via a network is necessary. Most of the information systems in this world are connected to the same main network – Internet – and, without this network, our society would look pretty …

Read More ...

Clear desk and clear screen policy – What does ISO 27001 require?

Imagine this scene: an employee at his desk, in an open-plan office, is reviewing on his notebook some data to prepare a report about the last quarter financial results, or the pre-selling performance evaluation of the organization’s newest product. He receives a telephone call from his boss about a quick …

Read More ...

How to set security requirements and test systems according to ISO 27001

Security is something that everyone wants to have, but which no one ever wants to use. And this thought can bring a lot of problems. Unless a system’s purpose is security related (e.g., firewall, access system, etc.), users pay little attention to how security is embedded in a product, and …

Read More ...

Secure equipment and media disposal according to ISO 27001

Think about the following scenarios: Printed documents (e.g., budget drafts, or client’s refused proposals) are no longer needed and used as scratch paper, or accumulated in waiting areas for removal. Defective equipment (e.g., CEO’s tablet, or project team’s notebooks) being discarded by maintenance staff, put directly in the trash, or sold as …

Read More ...

Requirements to implement network segregation according to ISO 27001 control A.13.1.3

Think about a house, or office, with only one big space where you can arrange all your loved and precious things the way you think most appropriate. Tempting, isn´t it? The flexibility to use the space and ease of seeing everything right away seems like a big deal. Now, imagine …

Read More ...

ISO 27001 vs. ISO 27032 cybersecurity standard

There are many standards in the ISO 27001 series, all related to security.  You probably don’t know much about ISO 27032:2012 because it is not as well-known as ISO 27001, ISO 27002, or ISO 22301, but it is near you, because it has to do with a place that you …

Read More ...

How to use firewalls in ISO 27001 and ISO 27002 implementation

A firewall is basically software that manages connections between different networks (internal or external), and has the ability to accept a connection, reject it, or filter it under certain parameters. Because this is a key component in any organization, we can consider it as if it were the door of …

Read More ...

How to structure the documents for ISO 27001 Annex A controls

Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to ISO 27001 Annex A. But, which documents should you write? How do you structure them? Which one do you begin with? Here’s what I found to be …

Read More ...

ISO 27000 series – What to expect in 2014

If you are working as an ISO 27001 consultant or practitioner, you are probably heavily dependent on the ISO27k series of standards. Since there are quite a lot of them (see the list here), it is a good idea to keep any eye on the upcoming changes. As I mentioned …

Read More ...

Main changes in the new ISO 27002

Update 2013-09-25: This blog post was updated according to the final version of ISO 27002:2013 that was published on September 25, 2013 In my previous blog post I analyzed the changes between the old ISO 27001 (published in 2005) and the 2013 revision; naturally, controls from ISO 27001 Annex A …

Read More ...

A first look at the new ISO 27001

Update 2013-09-25: This blog post was updated according to the final version of ISO 27001:2013 that was published on September 25, 2013. When I heard the news that the DIS (draft) version of ISO 27001:2013 is available, I was very impatient to read it. When compared to the old ISO/IEC …

Read More ...

ISO 27000 series – What to expect in 2013?

Believe it or not, there are more than 30 standards in the ISO 27k series. And, to make things worse, they are constantly changing because information security theory and best practice are continuously evolving. Here’s what will probably happen in 2013: ISO/IEC 27001 – Since this is the main standard …

Read More ...

What is cybersecurity and how can ISO 27001 help?

Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but at least the general idea is pretty much the same. However, when it comes to the question on how to achieve it, opinions differ sharply. This topic has become so …

Read More ...

ISO 27002 – What will the next revision bring?

It’s been six years since the last revision of ISO/IEC 27002 (in 2005) – much has changed in information security since then, and this standard definitely needs some “facelifting”. Since ISO 27002 is closely tied to ISO 27001, this revision has to be done simultaneously for both standards, and is …

Read More ...
FREE ISO 27001/22301 CONSULTATION
Dejan Kosutic
Lead ISO 27001/22301 Expert, Advisera

GET FREE ADVICE

ISO 27001 & ISO 22301
Free Downloads

 

Upcoming free webinar
Implementing Business Impact Analysis according to ISO 22301
Wednesday - November 22, 2017
Show posts:

OUR CLIENTS

OUR PARTNERS

  • Exemplar Global (formerly RABQSA) is leading international authority in certification of training providers.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933