The ISO 27001 & ISO 22301 Blog

8 Security Practices to Use in Your Employee Training and Awareness Program

This might be hard to believe, but it is true: 59% of data breaches are happening not because of some smart hacker who wants to do harm to your company; those breaches are happening because of your own employees. As I’ve argued in my article How a change in thinking …

How a change in thinking can stop 59% of security incidents

According to Experian’s 2015 Second Annual Data Breach Industry Forecast, the largest number of security incidents are happening because of human error and malicious insiders: “… the majority of data breaches originate inside company walls. Employees and negligence are the leading cause of security incidents but remain the least reported …

How personal certificates can help your company’s ISMS

One of the greatest challenges in managing information security is assuring that people can handle information and execute security activities in a proper manner. Unprepared and untrained people can pose a risk to information, and to business, and they are as dangerous as any other known threat. ISO 27001 requirements …

Lead Auditor Course vs. Lead Implementer Course – Which one to go for?

If you are just entering the world of ISO 27001 or ISO 22301, you’re probably considering going for some training. This is certainly a good idea; however, which course is better for you – Lead Auditor Course, or Lead Implementer Course? Everything you’ll read in this article is valid not …

How to perform training & awareness for ISO 27001 and ISO 22301

Most of the information security/business continuity practitioners I speak with have the same problem: the employees in their companies don’t take them seriously – not only the top managers, but also their peers. This is due to the fact that the employees usually do not understand what information security or …

5 ways to avoid overhead with ISO 27001 (and keep the costs down)

There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of money for something we’re not sure is worth it; and (2) the annoyance of maintaining such a system will cost us even more. Yes, ISO 27001 does require an investment, …

The documentation myth – Why the templates are not enough?

I noticed that many people running ISO 27001 projects who have downloaded documentation templates think “I have the templates now – the rest is easy. I’ll write a few documents, show them to the auditor, and it’ll be over in a few days”. Unfortunately, it’s not that easy. Here’s why: 1. …

Lessons learned from ISO 27001 implementation

Many readers of this blog asked me to present a real-life experience of ISO 27001 implementation in a company. Since I would be too subjective if I started writing my own impressions, I decided to interview my clients – Dragomir Perica and Ivancica Ljubic from Dabar informatika d.o.o., a company …

Do you really need a consultant for ISO 27001 / BS 25999 implementation?

I’ve met quite a few companies considering how to start their ISO 27001 / BS 25999 project, with quite different approaches – some are convinced they can do it completely on their own (with no prior ISO 27001 knowledge), while others think they can do it with the help of …

Activation procedures for business continuity plan

Having a business continuity plan is nice, but if you don’t know when and how to start using it, the money you’ve invested in it was spent in vain. Even worse, you’ll likely lose quite a lot of money because your business operations will be disrupted. What is a business …

How much does ISO 27001 implementation cost?

This is usually one of the first questions I receive from a potential client. To their disappointment, I cannot give them the exact figure right away – here is why. First of all, the total cost of implementation will depend on the size of your organization (or the size of …

How to learn about ISO 27001 and BS 25999-2

Training is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are more and more types of courses available, I’ll try to explain their benefits and the differences between them. The first is the list of in-person courses – these courses are …

BS 25999-2 implementation checklist

Your management has given you the task of implementing business continuity, but you’re not really sure how to do it? Although it is not an easy task, you can use the BS 25999-2 methodology to make your life easier – here are the main steps necessary to implement this standard: …

How to deal with BCM sceptics?

Have you ever heard something like “It can’t be done”, “It has no use”, or “It’s useless if a major disaster occurs”? If you have implemented business continuity management, you probably have. Naturally, such an attitude would not help your project, so here are some suggestions on how to handle such people. …
