
About admin

So far admin has created 44 blog entries.

Practical Climate Change Considerations for ISO 27001

By admin | October 7th, 2024 (updated 2024-10-11T14:20:05+01:00) | ISO27001 Certification

Practical Climate Actions in ISO 27001: Small Steps, Big Impact

ISO 27001 requires organisations to consider the impact of climate change as part of their certification. Although the sentence in the standard states "The organization shall determine whether climate change is a relevant issue", we all know that simply deciding that climate change is not an issue for your organisation may not be accepted as working in accordance with the standard. It can therefore be a challenge to identify practical, implementable steps to consider as part of the climate change requirements. [...]

ISO 27001 and Climate Change: Understanding the Connection

By admin | September 30th, 2024 (updated 2024-09-29T17:06:40+01:00) | ISO27001 Certification

As part of the update to ISO 27001, two sentences were added to clause 4. These sentences are "The organization shall determine whether climate change is a relevant issue" and "Relevant interested parties can have requirements related to climate change". Organisations are increasingly recognising the importance of addressing climate change as part of their overall risk management strategy, and its inclusion in the standard reflects the growing understanding of the impact that environmental factors can have on an organisation's [...]

Configuration Management in ISO 27001

By admin | September 23rd, 2024 (updated 2024-09-24T14:25:30+01:00) | Cyber Security, ISO27001 Certification, ISO27001 Implementation

Configuration management in ISO 27001 plays a crucial role in maintaining the integrity, availability, and confidentiality of an organisation's IT assets. For organisations implementing ISO 27001, an effective configuration management process is not just beneficial—it's essential. This blog post explores the importance of configuration management within the ISO 27001 framework and provides guidance on its implementation.

Understanding Configuration Management in ISO 27001

Configuration management involves identifying, controlling, maintaining, and verifying the versions of all critical assets within an organisation's IT environment.

Key Objectives:

1. Ensure that [...]

ISO 27001 Surveillance Audits: What They Are and How to Prepare

By admin | September 16th, 2024 (updated 2024-09-13T16:02:33+01:00) | ISO27001 Certification

ISO 27001 is an international standard for information security management systems (ISMS). Once an organisation achieves ISO 27001 certification, it must undergo regular surveillance audits to maintain its certified status. This blog post will explain what surveillance audits are, why they occur, and how to prepare for them effectively.

What are ISO 27001 Surveillance Audits?

Surveillance audits are periodic checks, usually annual, conducted by a certification body to ensure that an organisation continues to comply [...]

ISO 27001 and the CIA Triad: Pillars of Information Security

By admin | September 9th, 2024 (updated 2024-09-08T17:45:57+01:00) | Information Security, ISO27001 Implementation

Information security has become a critical concern for organisations of all sizes and industries. Two fundamental concepts that form the backbone of robust information security practices are ISO 27001 and the CIA triad. You can find out more below about these concepts and their importance in safeguarding sensitive data.

Understanding ISO 27001

ISO 27001 is an internationally recognised standard for information security management systems (ISMS). It provides a framework for organisations to establish, implement, maintain, and continually [...]

The Role of Continuous Improvement in ISO27001 Compliance

By admin | September 2nd, 2024 (updated 2024-09-01T16:21:41+01:00) | Information Security, ISO27001 Implementation

Overview

Compliance with ISO27001 is not a one-time achievement but a continuous journey. The standard itself emphasises the importance of continuous improvement, advocating ongoing enhancements to an organisation's Information Security Management System (ISMS). This blog post delves into the role of continuous improvement in maintaining ISO27001 compliance, exploring how you can use the Plan-Do-Check-Act (PDCA) cycle, along with tools and techniques for continuous improvement.

How to use the Plan-Do-Check-Act (PDCA) Cycle for ISO27001

The PDCA cycle, also known as the [...]

ISO27001 – Control 5.12 – Classification of Information

By admin | August 26th, 2024 (updated 2024-09-08T13:14:30+01:00) | Information Security, ISO 27001 Controls

Control 5.12 – Classification of Information

Control

Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements.

What this means

There needs to be a classification scheme implemented to protect information assets, and this classification scheme should be documented and communicated to all staff and other relevant parties such as contractors, data processors etc. When classifying documents the organisation needs to consider the confidentiality, integrity, and availability requirements in the classification scheme. Try [...]

Bringing New Blood into InfoSec: Why Mentoring Matters

By admin | August 19th, 2024 (updated 2024-08-26T09:10:07+01:00) | Information Security

Let's face it - the information security landscape is evolving faster than ever. With new threats emerging daily, there is growing demand from clients for assurance that their data is secure, and for the innovative thinking needed to stay ahead of the curve. But how do we nurture the next generation of InfoSec professionals? The answer might be simpler than you think: good old-fashioned mentoring. Now, I know what you're thinking. "Mentoring? Isn't that just extra work for my already overloaded [...]

Scenario vs. Asset-Based Risk Assessments: Understanding the Key Differences

By admin | August 12th, 2024 (updated 2024-08-26T09:14:20+01:00) | Risk Assessment

Risk assessment is a crucial process for organisations to identify, analyse, and mitigate potential threats. Two common approaches to risk assessment are scenario-based and asset-based methods. Each has its strengths and is suited to different contexts.

Scenario-Based Risk Assessment

Scenario-based risk assessment focuses on identifying potential events or situations that could negatively impact an organisation. It is the one I would recommend for those organisations just starting out looking at the risks faced by their organisation as [...]

Risk Assessment – What scale should I use?

By admin | August 5th, 2024 (updated 2024-08-26T09:11:17+01:00) | Information Security, Risk Assessment

When undertaking a risk assessment process, one of the key things you need to decide upon is the scale you are going to use. I have seen some very complicated risk assessment scales: ones with multiplication of values, a scale of 1 to 10, different areas for reporting risk. It doesn't have to be complicated. Actually, the simpler the scale, the easier it is to evaluate risk.

Keep it simple

Unless your business is complex, multi-million pound and [...]
