About admin

This author has not yet filled in any details.
So far admin has created 57 blog entries.

ISO27001 – Control 5.9 – Inventory of information and other associated assets

By |2024-05-28T12:11:45+01:00May 28th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.9 - Inventory of information and other associated assets Control An inventory of information and other associated assets, including owners, should be developed and maintained. What this means Organizations should develop and maintain an inventory of their information assets and other associated resources, including details about who owns each asset. The purpose is to identify all the organization's important information and assets in order to properly secure them and assign clear ownership responsibilities. Ownership should be assigned when assets are created or when [...]

Read More
 0

Do I need special Software to get ISO27001?

By |2024-05-31T14:05:39+01:00May 20th, 2024|Information Security, ISO27001 Implementation|

This is a question we get asked regularly "Is the software that is designed to monitor ISo27001 worth the investment?" If your organisation is ISO 27001 certified, you know how important it is to have a systematic approach for monitoring and managing your information security policies and controls. While there are software solutions specifically designed for this purpose, some organisations opt to use spreadsheets to track their compliance efforts. Let's look at the pros and cons of each approach. Dedicated ISO 27001 Compliance Software The advantages [...]

Read More
 0

ISO27001 – Control 5.8 – Information Security In Project Management

By |2024-05-13T15:03:48+01:00May 13th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.8 - Information Security in Project Management Control Information security should be integrated into Project Management. What this means When planning and executing projects, it's essential to integrate information security practices throughout the entire project lifecycle. Information security risks can derail projects and jeopardise deliverables if not addressed proactively. This can be applied to any type of project regardless of its complexity, size, duration, discipline or application area (e.g. a project for a core business process, ICT, facility management or other supporting processes). [...]

Read More
 0

How to create an effective Policy

By |2024-05-06T11:37:26+01:00May 6th, 2024|Information Security, policies and procedures|

Creating Effective Policy and Procedure Documents Having well-written and easy-to-follow policies is crucial for ensuring consistency and compliance within an organisation. However knowing what the format should look like can be a challenge and getting it wrong means lots of changes. We've written hundred of policies for clients and so I am going to share our format for creating easy to understand and follow policies. Here's the structure we use for creating effective policy documents: Front Cover I know a lot of people think that having [...]

Read More
 0

Demystifying ISO 27001: Your Simple Project Guide

By |2024-04-26T18:29:52+01:00April 29th, 2024|ISO27001 Implementation|

Demystifying ISO 27001: Your Simple Project Guide Embarking on the journey towards ISO 27001 certification for your business can seem like a daunting project. However, with the right approach and understanding, achieving this milestone can be a rewarding and transformative experience. Let's delve into how ISO 27001 can be viewed as a project and how you can navigate through it successfully. Project Planning Phase Setting Objectives: Just like any project, defining clear objectives is crucial. Identify why you are pursuing ISO 27001 certification and what outcomes [...]

Read More
 0

ISO27001 – Control 5.7 – Threat Intelligence

By |2024-04-26T17:58:33+01:00April 26th, 2024|Cyber Security, Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.7 - Threat Intelligence Control Information relating to information security threats should be collected and analysed to produce threat intelligence. What this means Organizations should gather and analyze information about security threats to understand the risks they face. This "threat intelligence" can help them take appropriate actions to prevent attacks or reduce the impact of an attack. Threat intelligence has three levels: Strategic - High-level information about the overall landscape of threats and attackers Tactical - Details on the methods, tools, and technologies [...]

Read More
 0

ISO27001 – Control 5.6 – Contact with Special Interest Groups

By |2024-04-11T14:58:45+01:00April 15th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.6 - Contact with Special Interest Groups Control The organization shall establish and maintain contact with special interest groups or other specialist security forums and professional associations. What this means As an organization, it's important to establish and maintain contact with special interest groups, security forums, and professional associations related to information security. Why is this important? The goal is to ensure there is an appropriate flow of information when it comes to information security. How can you do this? Here are some [...]

Read More
 0

ISO27001 – Control 5.5 – Contact with Authorities

By |2024-05-16T11:52:17+01:00April 8th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.5 - Contact with Authorities Control The organization should establish and maintain contact with relevant authorities. What this means The aim of this control is to ensure an open dialogue with regard to information security and incidents between the organisation and relevant legal, regulatory, and supervisory authorities. This means the organization should: Identify the proper authorities to contact about information security issues. This could include law enforcement, regulatory agencies, supervisory bodies, etc. List the proper authorities, usually in your interested parties policy. Decide [...]

Read More
 0

Embracing Least Privilege for Stronger Information Security

By |2024-03-29T12:00:15+00:00April 1st, 2024|Cyber Security, ISO 27001 Controls|

Embracing Least Privilege for Stronger Information Security The principle of least privilege is a fundamental concept in information security that aims to restrict user access rights to only what is essential for performing their job role. By granting users the minimum level of access necessary, organisations can significantly reduce the risk of accidental or intentional misuse of sensitive data and systems. Least Privilege requires software and folders to be managed in a way that each user's access can be restricted to that information that they need [...]

Read More
 0

Can I use a consultant in a different country to help us achieve ISO27001 certification?

By |2024-03-14T14:28:35+00:00March 18th, 2024|ISO27001 Implementation|

Can I use a consultant in a different country to help us achieve ISO27001 Certification? We are frequently asked this question, particularly by companies from the United States who want to work with us. In today's business landscape, information security knows no borders. As organisations increasingly operate across multiple regions and engage in cross-border transactions, the need for a standard approach to information security has never been more critical. That's where ISO 27001 comes in. It's an international standard that gives a proven framework for information [...]

Read More
 0

© Copyright | All Rights Reserved | Audit & Risk Professionals Llp | Registered in England and Wales, Company Number: OC393687. Registered Address: 2 Masefield Ave, Borehamwood, HERTS, WD6 2HQ | Privacy Policy |

Go to Top