The ISO 27001 & ISO 22301 Blog

 

Will a piece of paper stop the attackers?

There are many skeptics who do not believe ISO 27001 can help protect their information and/or information systems; one of their main arguments is: “Writing a policy or a procedure surely won’t help against someone who wants to steal your …


ISO 27001 risk assessment: How to match assets, threats and vulnerabilities

The 2013 revision of ISO 27001 allows you to identify risks using any methodology you like; however, the old methodology (defined by the old 2005 revision of ISO 27001), which requires identification of assets, threats and vulnerabilities, is still dominating. …


How to structure the documents for ISO 27001 Annex A controls

Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to ISO 27001 Annex A. But, which documents should you write? How do you structure them? Which one …


How to create a Communication Plan according to ISO 27001

Communicating is a key activity for any human being. This is also the case for an organization. It helps through exchanging the most correct information to the best audience and at the best moment. It is certainly important in security …


When to use tools for ISO 27001/ISO 22301 and when to avoid them

If you’re starting to implement complex standards like ISO 27001 or ISO 22301, you’re probably looking for a way to make your job easier. Who wouldn’t? After all, reinventing the wheel doesn’t sound like a very interesting job. So, you start …


How to define the ISMS scope

ISMS scope is probably one of the hottest topics since the 2013 revision of ISO 27001 was published, because it introduces some new concepts like interfaces and dependencies. But, when thinking about the scope in a structured way, it is actually …


How personal certificates can help your company’s ISMS

One of the greatest challenges in managing information security is assuring that people can handle information and execute security activities in a proper manner. Unprepared and untrained people can pose a risk to information, and to business, and they are …


List of free ISO 27001 and ISO 22301 resources

As you probably noticed, we recently launched the redesigned 27001Academy website; what you may not have noticed are all the free resources we offer on the website. Here they are: Basic explanation of ISO 27001 and ISO 22301: Simple explanation of …


How detailed should the ISO 27001 documents be?

When starting to write a policy or a procedure, you’re probably puzzled as to how lengthy it should be. And the truth is, ISO 27001 (as well as other ISO standards like ISO 20000, ISO 9001, ISO 14001 and others) are very flexible …


How to write ISO 27001 risk assessment methodology

Without a doubt, risk assessment is the most complex step in the ISO 27001 implementation; however, many companies make this step even more difficult by defining the wrong methodology (or by not defining the methodology at all). What does ISO 27001 …
