ISO 27001 vs. ISO 27017 – Information security controls for cloud services
The future of ISO 27017, together with ISO 27018, seems quite bright: they define security standards for today’s fastest-growing industry – cloud computing. This topic is so big and so hot that these two standards might achieve the same level of success as their “older brothers” ISO 27001 and ISO ...
ISO 27018 – Standard for protecting privacy in the cloud
Update 2022-04-25. If your company is delivering services in the cloud, you probably have more and more customers asking you how their personal data is protected. ISO 27001 is certainly a good way to do it; however, some enlightened customers might ask you for even more – compliance with ISO 27018, ...
CISA vs. ISO 27001 Lead Auditor certification
In a previous post, I talked about personal certifications helping the organization to comply with ISO 27001 clause 7.2 (see the post “How personal certificates can help your company’s ISMS”). In today’s post, I will show you two specific personal certifications (CISA and ISO 27001 Lead Auditor) and how they can ...
Information classification according to ISO 27001
Updated November 14, 2022, according to the ISO 27001:2022 revision. Classification of information is certainly one of the most attractive parts of information security management, but at the same time, one of the most misunderstood. This is probably due to the fact that historically, information classification was the first element of information ...

