Tag Archives | ISO 27001

ISO 22301 to Replace BS 25999-2

According to various sources, the leading business continuity standard BS 25999-2 will be replaced by an international standard ISO 22301 by the end of 2011. This kind of transition is normal – the same thing happens with most management standards, for instance with ISO 27001 when in 2005 it succeeded BS 7799-2. So what are [...]

How Much Does ISO 27001 Implementation Cost?

This is usually one of the first questions I receive from a potential client. To their disappointment, I cannot give them an exact figure right away – here is why. First of all, the total cost of implementation will depend on the size of your organization (or the size of the business unit(s) that will [...]

Lessons Learned from WikiLeaks: What is Information Security Exactly?

Nowadays WikiLeaks is a hot story for a good reason – it is not very common for confidential documents of the world’s most powerful government to be published on the Internet. And some of these documents are, to put it mildly, embarrassing. Here I am not going to write about whether it was legal for [...]

Mandatory Documented Procedures Required by ISO 27001

If you heard that ISO 27001 requires many procedures, this is not quite true. The standard actually requires only four documented procedures: a procedure for the control of documents, a procedure for internal ISMS audits, a procedure for corrective action, and a procedure for preventive action. The term “documented” means that “the procedure is established, [...]

ISO 27001 Annex A Controls

Annex A of ISO 27001 is probably the most mentioned annex of any management standard. Why is there so much talk about it? Why is it sometimes controversial? If you have read Annex A, you have seen that 133 security controls are listed there. If that is the case, what is the main part [...]

ISO 27001 Implementation Checklist

If you are starting to implement ISO 27001, you are probably looking for an easy way to implement it. Let me disappoint you: there is no easy way to do it. However, I’ll try to make your job easier – here is the list of sixteen steps you have to go through if you want [...]

ISO 27001 vs. ISO 27002

If you have come across both ISO 27001 and ISO 27002, you probably noticed that ISO 27002 is much more detailed and much more precise – so, what is the purpose of ISO 27001 then? First of all, you cannot get certified against ISO 27002 because it is not a management standard. What does a management [...]

Using ISO 9001 for Implementing ISO 27001

You have already implemented ISO 9001? You have heard that ISO 27001 might be a good idea? But how can something that has to do with quality help you implement information security? It can, more than you may think. ISO 9001 specifies what a quality management system (QMS) must look like, while ISO/IEC 27001 specifies [...]

Four Key Benefits of ISO 27001 Implementation

Have you ever tried to convince your management to fund the implementation of information security? If you have, you probably know how it feels – they will ask you how much it costs, and if it sounds too expensive they will say no. Actually, you shouldn’t blame them – after all, their ultimate responsibility is [...]

Information Security or IT Security?

One would think that these two terms are synonyms – after all, isn’t information security all about computers? Not really. The basic point is this – you might have perfect IT security measures, but a single malicious act by, for instance, an administrator can bring the whole IT system down. This risk has nothing to [...]