Channel: 27001Academy

Is ISO 27001 among the top ISO standards?

Do you know which ISO standards are the most popular? And whether ISO 27001 is among the most popular? There is both good and bad news for information security enthusiasts – ISO 27001 really is among...

How to choose a certification body

If you are implementing ISO 27001 or ISO 22301 (or any other ISO management standard), you’re probably wondering which certification body to hire. What are the criteria you should apply when making the...

ISO 22301 benefits: How to get your management’s approval for a business...

If you think your management loves to listen to you talk about your great idea for a disaster recovery site, or a perfect tool you’ve discovered for handling business continuity plans, you’re wrong –...

List of mandatory documents required by ISO 27001 (2013 revision)

With the new revision of ISO/IEC 27001 published only a couple of days ago, many people are wondering what documents are mandatory in this new 2013 revision. Are there more or fewer documents required?...

Infographic: New ISO 27001 2013 revision – What has changed?

Click here to register for a free webinar What’s new in ISO 27001 2013 revision: How to make a transition from ISO 27001 2005 revision.

How to make a transition from ISO 27001 2005 revision to 2013 revision

If you already implemented ISO 27001 2005 revision, you are probably thinking to yourself: “Oh no, now that the 2013 revision is published, we have to do it all over again.” Well, this is not quite...

How to address main concerns with ISO 27001 implementation

Last week I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send me their top concerns regarding ISO 27001 implementation before those webinars. I’ve summarized most...

ISO 27001 Case study for data centers: An interview with Goran Djoreski

DK: More than a year and a half has passed since you were certified by ISO 27001 – what are your impressions? Was it really worth it? GD: It was definitely worth it, since it turned out that an ISO...

NFPA 1600 vs. ISO 22301 – Similarities and differences

If you are a business continuity practitioner in the U.S., you’re probably wondering which standard to apply – NFPA 1600 or ISO 22301. After all, they are both business continuity standards, and they...

How to define activities when implementing business continuity according to...

In several places in ISO 22301, it is required to define the activities within the company; not only this, activities are a basic unit upon which the business impact analysis is made. So what are these...

How to approach an auditor in a certification audit

If you’re going for the certification audit, you are probably wondering how to approach the auditor. In my opinion, the most important thing is not to forget that auditors are only people, and no...

How to make an Internal Audit checklist for ISO 27001 / ISO 22301

If you are planning your ISO 27001 or ISO 22301 internal audit for the first time, you are probably puzzled by the complexity of the standard and what you should check out during the audit. So, you’re...

How to implement business impact analysis (BIA) according to ISO 22301

I’ve spoken to many business continuity practitioners, and most of them (both beginners and experts) are telling me that the most difficult part of ISO 22301 implementation is the business impact...

Practical use of corrective actions for ISO 27001 and ISO 22301

Is your company one of those that has no idea what the purpose of corrective actions is? Do you prepare your corrective actions only a couple of days prior to your certification audit? And do you think...

New book – Becoming Resilient: The Definitive Guide to ISO 22301 Implementation

As you may have heard, on December 19 I’ll publish my new book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation. So, if you are a business continuity practitioner looking for some...

ISO 27000 series – What to expect in 2014

If you are working as an ISO 27001 consultant or practitioner, you are probably heavily dependent on the ISO27k series of standards. Since there are quite a lot of them (see the list here), it is a...

ISO 27001 gap analysis vs. risk assessment

Very often I see people confuse gap analysis with risk assessment – which is understandable, since the purpose of both is to identify deficiencies in their company’s information security. However, from...

Is the ISO 27001 Manual really necessary?

Sometimes I receive questions on whether the ISO 27001 Manual is required by the standard, and how to write it. I even lost some potential clients because I told them that we do not have such a...

Overview of ISO 27001:2013 Annex A

Annex A of ISO 27001 is probably the most famous annex of all the ISO standards – this is because it provides an essential tool for managing security: a list of security controls (or safeguards) that...

Setting the business continuity objectives in ISO 22301

Business continuity objectives are, along with the business impact analysis, probably one of the most difficult elements of ISO 22301 implementation. Most of the business continuity implementers have...

Which one to go with – Cybersecurity Framework or ISO 27001?

On February 12, 2014, the National Institute of Standards and Technology (NIST) published Framework for Improving Critical Infrastructure Cybersecurity, commonly known as Cybersecurity Framework. If...

Why is management review important for ISO 27001 and ISO 22301?

Like some other clauses in ISO 27001 and ISO 22301, clause 9.3, which defines requirements for management review, is one of the most misunderstood and most underappreciated elements of these standards....

Should your company go for the ISO 27001 / ISO 22301 certification?

If your company is in the process of ISO 27001 or ISO 22301 implementation, you are probably wondering whether to go for the certification. And, as you probably know, certification is not mandatory –...

Risk assessment vs. business impact analysis

If you are implementing ISO 27001, or especially ISO 22301 for the first time, you are probably puzzled with risk assessment and business impact analysis. What is their purpose? How are they different?...

The most popular ISO 27001 & ISO 22301 blog posts

This is my 100th blog post! When I started this blog four years ago, I never dreamed I would have that many things to write about… And yet, the more I write, the more ideas I have – right now, I have...

ISO 31000 and ISO 27001 – How are they related?

Contrary to the popular belief that ISO 31000 is now mandatory for ISO 27001 implementation, this is not true. However, ISO 31000 could be quite useful for ISO 27001 implementation – it not only offers...

How to identify interested parties according to ISO 27001 and ISO 22301

One of the hot questions these days is related to clause 4.2 in both ISO 27001 and ISO 22301 – Understanding the needs and expectations of interested parties. Actually, their identification is not so...

Has the PDCA Cycle been removed from the new ISO standards?

Lately I’ve been receiving (too) many questions asking, “Why did the new revision of ISO 27001 cut out the PDCA cycle?” And, on first sight, you might be misled because the standard really doesn’t...

Risk owners vs. asset owners in ISO 27001:2013

The 2013 revision of ISO 27001 introduced a new concept: the risk owner. Since this concept brought quite a lot of confusion with information security practitioners, here’s an explanation of what the...

How to organize initial risk assessment according to ISO 27001 and ISO 22301

Usually, the biggest headache companies have when starting to implement ISO 22301, and especially ISO 27001, is the risk assessment. And, interestingly enough, such a headache happens only when...

The basic logic of ISO 27001: How does information security work?

When speaking with someone new to ISO 27001, very often I encounter the same problem: this person thinks the standard will describe in detail everything they need to do – for example, how often they...

Information classification according to ISO 27001

Classification of information is certainly one of the most attractive parts of information security management, but at the same time, one of the most misunderstood. This is probably due to the fact...

How to perform training & awareness for ISO 27001 and ISO 22301

Most of the information security/business continuity practitioners I speak with have the same problem: the employees in their companies don’t take them seriously – not only the top managers, but also...

How to handle Asset register (Asset inventory) according to ISO 27001

Unfortunately, if you already developed a fixed asset register, it is not going to be enough to be compliant with ISO 27001 – the concept of asset inventory (sometimes called the asset register) in...

Major vs. minor nonconformities in the certification audit

If your company is considering going for the certification, it is always a good thing to know what to expect. Since nonconformities are one of the most important outcomes of the certification audit...

Roles and responsibilities of top management in ISO 27001 and ISO 22301

Did you know that, in most cases, failure to implement ISO 27001 or ISO 22301 was directly related to the fact that top management did not want to assume their responsibilities for information security...

Lead Auditor Course vs. Lead Implementer Course – Which one to go for?

If you are just entering the world of ISO 27001 or ISO 22301, you’re probably considering going for some training. This is certainly a good idea; however, which course is better for you – Lead Auditor...

What is the job of Chief Information Security Officer (CISO) in ISO 27001?

It may sound rather funny, but ISO 27001 does not require a company to nominate a Chief Information Security Officer, or any other person who would coordinate information security (e.g., Information...

6-step process for handling supplier security according to ISO 27001

Since more and more data is being processed and stored with third parties, the protection of such data is becoming an increasingly significant issue for information security professionals – it’s no...

What has changed in risk assessment in ISO 27001:2013

Risk assessment has always been a hot topic, and especially now with the changes in the ISO 27001 2013 revision – there are many doubts as to whether the risk assessment you’ve done according to the...

How to maintain the ISMS after the certification

If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start?...

How to become an ISO 27001 / ISO 22301 consultant

If you are thinking about a career change, becoming an independent consultant for ISO 27001 and/or ISO 22301 certainly sounds like an attractive option. But what do you need to know, and what do you...

8 criteria to decide which ISO 27001 policies and procedures to write

If you’re just starting to implement ISO 27001 in your company, you’re probably in a dilemma as to how many documents you need to have, and whether to write certain policies and procedures or not....

Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)

Clause 4.1 is a completely new requirement in the 2013 revision of ISO 27001, and it has caused quite some confusion because it is rather vague. (By the way, there is very similar confusion with ISO...

Risk appetite and its influence over ISO 27001 implementation

Clause 6.1.2 (a) (1) of ISO 27001:2013 states that an organization must establish and maintain information security risk criteria, and those must include criteria for risk acceptance. Since these...

How to write ISO 27001 risk assessment methodology

Without a doubt, risk assessment is the most complex step in the ISO 27001 implementation; however, many companies make this step even more difficult by defining the wrong methodology (or by not...

How detailed should the ISO 27001 documents be?

When starting to write a policy or a procedure, you’re probably puzzled as to how lengthy it should be. And the truth is, ISO 27001 (as well as other ISO standards like ISO 20000, ISO 9001, ISO 14001...

List of free ISO 27001 and ISO 22301 resources

As you probably noticed, we recently launched the redesigned 27001Academy website; what you may not have noticed are all the free resources we offer on the website. Here they are: Basic explanation of...

How personal certificates can help your company’s ISMS

One of the greatest challenges in managing information security is assuring that people can handle information and execute security activities in a proper manner. Unprepared and untrained people can...

How to define the ISMS scope

ISMS scope is probably one of the hottest topics since the 2013 revision of ISO 27001 was published, because it introduces some new concepts like interfaces and dependencies. But, when thinking about...