Return on Security Investment Calculator
Did you ever face a situation where you were told that your security measures were too expensive? Or where you found it very difficult to explain to your management what the consequences could be if an incident occurred? Proving that it is worth investing in security is tough, but our Return on Security Investment (ROSI) calculator can help you. It’s completely free.

Diagram of ISO 27001:2013 Implementation

Diagram that shows the ISO 27001 implementation process, from the beginning of the project to the certification.

What is ISO 27001?

ISO 27001 is the international standard by ISO (the International Organization for Standardization) for Information Security Management Systems (ISMS). The most recent update of the standard came in 2013, and is referred to as ISO 27001:2013.

What is ISO 22301?

The full name for this standard is ISO 22301:2012 Societal security – Business continuity management systems – Requirements. This standard is written by leading business continuity experts and provides the best framework for managing business continuity in an organization.

What’s your first step?

Before beginning your implementation of ISO 27001 or ISO 22301, your first step is recognizing your current issues and where you can improve your information security and/or business continuity management. At that point, you can determine which stage of the process you are in. Maybe you’re just getting started, and trying to decide if ISO 27001 or ISO 22301 can help you solve issues specific to your organization.

Or, perhaps you’re further along in the process. By starting on Step 1, you’ll have the opportunity to define your situation so you know what to do next.

Find more information and support in our ISO 27001 & ISO 22301 Blog

How to apply information security controls in teleworking according to ISO 27001

Allowing employees to work away from the office, i.e., outside the physical premises of the organization (otherwise known as “teleworking”), is becoming common business practice today. The ability to work remotely is seen as both a source of incentive for an employee’s productivity ...Read more

Should information security focus on asset protection, compliance, or corporate governance?

Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all, this is what the first (2005) revision of ISO 27001, and its predecessor BS 7799-2, also emphasized. These standards required companies to identify all the assets, and then build the ...Read more

Qualitative vs. quantitative risk assessments in information security: Differences and similarities

In the risk assessment process, one common question asked by organizations is whether to go with a quantitative or a qualitative approach. The good news is that by using both approaches you can, in fact, improve your process efficiency towards achieving desired security levels. This article will present the concepts ...Read more

Business Continuity Management vs. Information Security vs. IT Disaster Recovery

For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and IT Disaster Recovery (IT DR). All three areas have something to do with “security,” “losses,” “disasters,” and “protection.” Read on to learn more about the particular roles of disciplines often ...Read more

Aligning information security with the strategic direction of a company according to ISO 27001

There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term “survival” of an Information Security Management System (ISMS) in a company: this is the requirement from clause 5.1 that says that top management needs to ensure that the information security ...Read more

How to manage the security of network services according to ISO 27001 A.13.1.2

Everybody knows that information is stored in information systems (workstations, laptops, smartphones, etc.), but to exchange that information, a network is necessary. Most of the information systems in this world are connected to the same main network, the Internet, and without this network our society would look pretty ...Read more

Free ISO 27001 / ISO 22301 Consultation

We have ISO 27001 & ISO 22301 consultants ready to talk to you about where your organization is and what actions to take next. We know how complicated things can get, and we’re here to provide guidance you can rely on.

Request callback

Or call us directly

International calls
+1 (646) 759 9933