    ISO-27001-ISO-22301-blog

    Tag: “risk treatment”

    4 mitigation options in risk treatment according to ISO 27001
    Most people think risk assessment is the most difficult part of implementing ISO 27001 – true, risk assessment is probably the most complex, but risk treatment is definitely the one that is more strategic and more costly....
    Risk appetite and its influence over ISO 27001 implementation
    Clause 6.1.2 (a) (1) of ISO 27001:2013 states that an organization must establish and maintain information security risk criteria, and those must include criteria for risk acceptance. Since these criteria have direct influence on how organizational...
    How to organize initial risk assessment according to ISO 27001 and ISO 22301
    Usually, the biggest headache companies have when starting to implement ISO 22301, and especially ISO 27001, is the risk assessment. And, interestingly enough, such a headache happens only when doing this for the first time...
    ISO 31000 and ISO 27001 – How are they related?
    Contrary to popular belief, ISO 31000 is not mandatory for ISO 27001 implementation. However, ISO 31000 could be quite useful for ISO 27001 implementation – it not only offers...
    Can ISO 27001 risk assessment be used for ISO 22301?
    A few days ago I received the following question from one of our clients: “What is the difference between ISMS Risk Assessment and BCM Risk Assessment?” And, although the answer to this question might seem...
    How to deal with insider threats?
    “Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this quite often when speaking to my clients about which security controls they should apply. And...