According to various sources, the leading business continuity standard BS 25999-2 will be replaced by an international standard ISO 22301 by the end of 2011. This kind of transition is normal – the same thing happens with most management standards, for instance with ISO 27001 when in 2005 it succeeded BS 7799-2. So what are [...]
How Much Does ISO 27001 Implementation Cost?
This is usually one of the first questions I receive from a potential client. To their disappointment, I cannot give them the exact figure right away – here is why. First of all, the total cost of implementation will depend on the size of your organization (or the size of the business unit(s) that will [...]
Lessons Learned from WikiLeaks: What is Information Security Exactly?
Nowadays WikiLeaks is a hot story for a good reason – it is not very common for confidential documents of the world’s most powerful government to be published on the Internet. And some of these documents are, to put it mildly, embarrassing. Here I am not going to write about whether it was legal for [...]
Mandatory Documented Procedures Required by ISO 27001
If you heard that ISO 27001 requires many procedures, this is not quite true. The standard actually requires only four documented procedures: a procedure for the control of documents, a procedure for internal ISMS audits, a procedure for corrective action, and a procedure for preventive action. The term “documented” means that “the procedure is established, [...]
ISO 27001 Annex A Controls
Annex A of ISO 27001 is probably the most mentioned annex of any management standard. Why is there so much talk about it? Why is it sometimes controversial? If you have read Annex A, you have seen that 133 security controls are listed there. If that is the case, what is the main part [...]
ISO 27001 Implementation Checklist
If you are starting to implement ISO 27001, you are probably looking for an easy way to implement it. Let me disappoint you: there is no easy way to do it. However, I’ll try to make your job easier – here is the list of sixteen steps you have to go through if you want [...]
ISO 27001 vs. ISO 27002
If you came across both ISO 27001 and ISO 27002, you probably noticed that ISO 27002 is much more detailed, much more precise – so, what’s the purpose of ISO 27001 then? First of all, you cannot get certified against ISO 27002 because it is not a management standard. What does a management [...]
Using ISO 9001 for Implementing ISO 27001
You have already implemented ISO 9001? You have heard that ISO 27001 might be a good idea? But how can something that has to do with quality help you implement information security? It can, more than you may think. ISO 9001 specifies what quality management systems (QMS) must look like, while ISO/IEC 27001 specifies [...]
Four Key Benefits of ISO 27001 Implementation
Have you ever tried to convince your management to fund the implementation of information security? If you have, you probably know how it feels – they will ask you how much it costs, and if it sounds too expensive they will say no. Actually, you shouldn’t blame them – after all, their ultimate responsibility is [...]
Information Security or IT Security?
One would think that these two terms are synonyms – after all, isn’t information security all about computers? Not really. The basic point is this – you might have perfect IT security measures, but only one malicious act done by, for instance, an administrator can bring the whole IT system down. This risk has nothing to [...]