Dejan Kosutic

About Dejan Kosutic

Expert in information security management (ISO 27001 standard) and business continuity management (BS 25999-2 standard)
Author Archive | Dejan Kosutic

How to Deal with BCM Sceptics?

Have you ever heard something like “It can’t be done”, “It has no use”, or “It’s useless if a major disaster occurs”? If you have implemented business continuity management, you probably have. Naturally, such an attitude does not help your project, so here are some suggestions on how to handle such people. “If a major disaster occurs, [...]

ISO 27001 Implementation Checklist

If you are starting to implement ISO 27001, you are probably looking for an easy way to implement it. Let me disappoint you: there is no easy way to do it. However, I’ll try to make your job easier – here is the list of sixteen steps you have to go through if you want [...]

ISO 27001 vs. ISO 27002

If you have come across both ISO 27001 and ISO 27002, you probably noticed that ISO 27002 is much more detailed and much more precise – so what is the purpose of ISO 27001? First of all, you cannot get certified against ISO 27002 because it is not a management standard. What does a management [...]

Can Business Continuity Strategy Save Your Money?

Are you thinking about implementing business continuity management according to the BS 25999-2 standard, but have heard that it will cost you a lot? It probably will cost you, but not necessarily as much as you thought – a good business continuity strategy can solve this. Business continuity strategy, as defined in the BS 25999-2 standard, is an [...]

Using ISO 9001 for Implementing ISO 27001

Have you already implemented ISO 9001? Have you heard that ISO 27001 might be a good idea? But how can something that has to do with quality help you implement information security? It can, more than you may think. ISO 9001 specifies what a quality management system (QMS) must look like, while ISO/IEC 27001 specifies [...]

Four Key Benefits of ISO 27001 Implementation

Have you ever tried to convince your management to fund the implementation of information security? If you have, you probably know how it feels – they will ask you how much it costs, and if it sounds too expensive they will say no. Actually, you shouldn’t blame them – after all, their ultimate responsibility is [...]

Information Security or IT Security?

One would think that these two terms are synonyms – after all, isn’t information security all about computers? Not really. The basic point is this: you might have perfect IT security measures, but a single malicious act by, for instance, an administrator can bring the whole IT system down. This risk has nothing to [...]

Problems with Defining the Scope in ISO 27001

You probably knew that the first step in ISO 27001 implementation is defining the scope. What you probably didn’t know is that this step, although simple at first glance, can sometimes cause you quite a lot of trouble. Namely, a lot of companies try to decrease their implementation costs by narrowing the scope, but [...]

How to get certified against ISO 27001?

You have been implementing ISO 27001 for quite a long time and have invested quite a lot in education, consultancy and the implementation of various controls. Now the auditor from a certification body arrives – will you pass the certification?

Risk Assessment Tips for Smaller Companies

I have seen quite a lot of smaller companies (up to 50 employees) trying to apply risk assessment tools as part of their ISO 27001 implementation project. The result is that it usually takes too much time and money with too little effect. First of all, what actually is risk assessment, and what is its [...]