The ISO 27001 & ISO 22301 Blog

 

Top 10 information security bloggers in 2014

If you want to stay on top of cybersecurity / information security news and insights, here are the blogs that I found the most useful. I listed here only the blogs written by independent authors (blogs that were not edited …

Risk assessment vs. internal audit in ISO 27001 and ISO 22301

Quite often I see people searching for ISO 27001 or ISO 22301 checklists for performing the internal audit; however, they expect those checklists to help them with, e.g., which information does the organization have, who has access to it, how is it …

Who should be your project manager for ISO 27001/ISO 22301?

If you’re planning to start your ISO 27001 and/or ISO 22301 project, you’re probably wondering who could lead such a complex project – what type of person do you need, with which authorities, and should you go with someone in-house …

Records management in ISO 27001 and ISO 22301

In the beginning of ISO 27001 or ISO 22301 implementation, records might seem like one of those bureaucratic requirements of these standards with no real purpose, and that will only take up your time. However, chances are you already have many records …

Will a piece of paper stop the attackers?

There are many skeptics who do not believe ISO 27001 can help protect their information and/or information systems; one of their main arguments is: “Writing a policy or a procedure surely won’t help against someone who wants to steal your …

ISO 27001 risk assessment: How to match assets, threats and vulnerabilities

The 2013 revision of ISO 27001 allows you to identify risks using any methodology you like; however, the old methodology (defined by the old 2005 revision of ISO 27001), which requires identification of assets, threats and vulnerabilities, is still dominating. …

How to structure the documents for ISO 27001 Annex A controls

Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to ISO 27001 Annex A. But, which documents should you write? How do you structure them? Which one …

How to create a Communication Plan according to ISO 27001

Communicating is a key activity for any human being, and the same is true for an organization. It helps by getting the most correct information to the best audience at the best moment. It is certainly important in security …

When to use tools for ISO 27001/ISO 22301 and when to avoid them

If you’re starting to implement complex standards like ISO 27001 or ISO 22301, you’re probably looking for a way to make your job easier. Who wouldn’t? After all, reinventing the wheel doesn’t sound like a very interesting job. So, you start …

How to define the ISMS scope

ISMS scope is probably one of the hottest topics since the 2013 revision of ISO 27001 was published, because it introduces some new concepts like interfaces and dependencies. But, when thinking about the scope in a structured way, it is actually …
