Channel: ISO 27002 – 27001Academy
Browsing all 76 articles

ISO 27001 vs. ISO 27002

If you came across both the ISO 27001 and the ISO 27002, you probably noticed that ISO 27002 is much more detailed, much more precise – so, what’s the purpose of ISO 27001 then? First of all, you...

ISO 27001 Annex A controls

Annex A of ISO 27001 is probably the most mentioned annex of any management standard. Why is there so much talk about it? Why is it sometimes controversial? If you have read the Annex A, you have seen...

ISO 27002 – What will the next revision bring?

It’s been six years since the last revision of ISO/IEC 27002 (in 2005) – much has changed in information security since then, and this standard definitely needs some “facelifting”. Since ISO 27002 is...

ISO 27000 series – What to expect in 2013?

Believe it or not, there are more than 30 standards in the ISO 27k series. And, to make things worse, they are constantly changing because information security theory and best practice are continuously...

A first look at the new ISO 27001 (2013 draft version)

When I heard the news that the DIS (draft) version of ISO 27001:2013 is publicly available at the BSI website (until 23 March 2013), I was very impatient to read it. Although one should not get too...

Main changes in the new ISO 27002 (2013 draft version)

In my previous blog post I analyzed the changes between the old ISO 27001 (published in 2005) and the 2013 draft; naturally, controls from ISO 27001 Annex A cannot change without changing ISO 27002...

ISO 27000 series – What to expect in 2014

If you are working as an ISO 27001 consultant or practitioner, you are probably heavily dependent on the ISO27k series of standards. Since there are quite a lot of them (see the list here), it is a...

Overview of ISO 27001:2013 Annex A

Annex A of ISO 27001 is probably the most famous annex of all the ISO standards – this is because it provides an essential tool for managing security: a list of security controls (or safeguards) that...

ISO 27001 Certification: What’s next after receiving the audit report?

For those who already run a management system, like an ISMS based on ISO 27001, the certification audit event is already known: the auditor arrives, performs the audit opening, evaluates processes and...

How to use firewalls in ISO 27001 and ISO 27002 implementation

A firewall is basically software that manages connections between different networks (internal or external), and has the ability to accept a connection, reject it, or filter it under certain...

How to perform monitoring and measurement in ISO 27001

Performance monitoring and measurement are key actions in the maintenance and improvement of any system. (See this article for more information: Achieving continual improvement through the use of...

How to use ISO 22301 for the implementation of business continuity in ISO 27001

One of the biggest mysteries in ISO 27001 implementation is the Annex A section A.17, which speaks about business continuity management. How does business continuity relate to information security, and...

Infographic: The brain of an ISO auditor – What to expect at a certification...

If your company is going for the ISO certification (e.g., ISO 9001, ISO 14001, OHSAS 18001, ISO 20000, ISO 22000, ISO 22301, or ISO 27001), you’re probably not very happy about it – certification...

Applicability of ISO 27001 across industries

People often mistake ISO 27001 for an IT standard, as something that is applicable to the IT industry only. And they are partially right – lots of IT companies are going for ISO 27001 because they see...

How to manage security in project management according to ISO 27001 A.6.1.5

Security in project management is a completely new thing in the 2013 revision of ISO 27001 – many people are wondering how to set it up, and whether their projects should be covered with this control...

How to make your investment in ISO 27001 profitable

Nothing motivates executives more than profits; so, if you’re proposing your ISO 27001 project to your top management, you should figure out how this project can increase the profit of your company....

Which questions will the ISO 27001 certification auditor ask?

If you’re going to go through the process of an ISO 27001 certification audit in your company, surely you have wondered – What will the auditor ask me? And you know what? The auditor also has questions...

How to handle access control according to ISO 27001

Access control is usually perceived as a technical activity that has to do with opening accounts, setting passwords, and similar stuff – and it is true: access control does include all these things,...

Accreditation vs. certification vs. registration in the ISO world

Things with ISO standards can get really complicated: there are many ISO management standards – the most popular ones are ISO 9001, ISO 14001, ISO 27001, ISO 22301, ISO 20000, etc. – and there are a...

ISO 27001 vs. ITIL: Similarities and differences

IT services are one of the main pathways for information to flow through organizations, their clients and partners, and as legal and contractual requirements are increasingly including information...
