ISO 27001

Setting Up an ISO 27001-Compliant Remote Work Process

With the spread of more robust information and communication technologies, the possibility of remote work has become viable for a larger number of companies. However, allowing access to a company’s information systems ...

ISO 27001: What’s the difference between a risk owner and an asset owner?

The latest iteration of ISO 27001 introduced the concept of risk owners in addition to asset owners. This strengthened the Standard’s stance that organisations must appoint people to take accountability for specific ...

ISO 27001: Understanding the needs and expectations of interested parties

Clause 4.2 of ISO 27001 details the needs and expectations of interested parties. An interested party is essentially a stakeholder – an individual or a group of people affected by your organisation’s ...

How to choose the right strategy for ISO 27001 risk management

ISO 27001 is designed to help organisations identify the right approach to take when managing risks. You can’t apply defences to every threat you face, because that would be impractical and prohibitively ...
A key part of the risk assessment involves scoring risks based on the likelihood that they will occur and the damage they will cause.

How to write an information security risk assessment methodology

The purpose of an information security risk assessment is to prioritise threats so that you can allocate time and resources appropriately. To do that, you need a way of calculating the severity ...

What to expect from Stage 1 and Stage 2 ISO 27001 audits

Those who are just getting to know ISO 27001 will no doubt find the audit a daunting prospect. It’s a big, complex task that can be tricky for even experienced professionals. But, ...

Identifying assets for conducting an asset-based risk assessment

If you’re certifying to ISO 27001, one of the first things you need to do is identify your information assets. After all, it’s only once you know what you’re dealing with that you ...

CMMC: The Logical End of ISO 27001, SOC 2 & HITRUST Certifications

In the not-too-distant future, I can clearly see how ISO 27001, SOC 2 and HITRUST certifications could become a diminished, legacy activity, viewed as a rarity left over from marketing efforts to ...

6 of the best reports for your ISO 27001 audit

ISO 27001 audits can be intimidating, especially if it’s the first time that your ISMS (information security management system) has been audited. So how can you make sure you’re doing everything that ...

Paving the Way to Security Compliance

When rolling out a new security strategy, there are several factors you need to consider to ensure compliance. For a business to survive amid ever-evolving security threats, it’s essential to adopt a ...