How to prioritize security investment through risk quantification
Think of a circus juggler balancing dishes, bowls, and other flat objects on sticks. He needs to pay constant attention so as not to let them fall, rotating them at sufficient speed and at the right time. This situation is similar to managing investments in security, where the juggler is ... Read More
ISO enabled free access to ISO 31000, ISO 22301, and other business continuity standards
In response to the recent COVID-19 outbreak, the International Organization for Standardization (ISO) has provided free access to some of its key standards supporting business continuity management, resilience, and risk management. The standards are available in read-only format, and you can find the links here: ISO 22301:2019 Security and resilience ... Read More
How to use ISO standards to address a pandemic
There is no doubt that each pandemic causes damage to businesses worldwide – not only is there the problem of a decrease (or, in some cases, a sharp increase) in demand for products or services, but there is also the problem of how to organize a company to deliver their ... Read More
How an ISO 27001 expert can become a GDPR data protection officer
If you are an ISO 27001 practitioner, you are a professional trained to establish, implement, maintain, and continually improve a risk-managed Information Security Management System (ISMS). You probably already know that many of your skills and expertise are useful also in implementing the EU GDPR. So, in order to increase ... Read More
ISO 27001 in the banking industry: “One standard to rule them all”
Why should banks go with ISO 27001? If you know the “Lord of the Rings” saga, the headline of this article probably sounds familiar. “One ring to rule them all” refers to the magic ring with the power to control all other magic rings. Am I saying that ISO 27001 ... Read More
Do we need to make the transition from ISO 22301:2012 to the 2019 revision?
The new revision of ISO 22301 was finally published on October 31, 2019, and you are probably asking yourself whether you need to implement the whole standard all over again. Well, a new implementation is not quite necessary – although the 2019 revision did bring some changes, they are not ... Read More
3 reasons why ISO 27001 helps to protect confidential information in law firms
ISO 27001 is about protecting information through a set of requirements that, among other methods, preserve information from unauthorized access or use. Every organization handles a variety of information with different associated risks depending on the people or the functional department to which it refers. Law firms are an example ... Read More
How to know which firms are ISO 27001 certified
You have an important project to develop, and you need to hire some external partner, e.g., a SaaS company, to make it to the end. You’ve determined information security to be one of the top-priority criteria that should be fulfilled when deciding which vendor to select for your screening process ... Read More
Accredited ISO certification versus non-accredited: What it means and why it matters
“What’s the difference between accredited ISO certification versus the plain ISO certification or ISO compliance?” This is a question I hear often. It might sound like a mere choice of words, but the difference can have a big impact on your company, and whether you need to get certified to ... Read More
Why is it important for your hosting partner to be certified against ISO 27001?
When it comes to choosing suppliers and service providers for your company, you should work with the utmost care. As we will discuss in this article, your company’s success – and even its survival – may depend on it. Today, we take a closer look at why you should go ... Read More
