This article is based on a review of 20 gap audit reports for a variety of organizations, including public sector …
aec
ISMS Business Context
Before embarking on the development and implementation of an ISMS, it is important to understand your organisation, its context and …
ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
Introduction ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information …
Cybersecurity for Everyone, Not Just the IT Department
Cybersecurity is for everyone, not just the IT department. All the time and capital you’ve invested in a robust security plan means nothing if human error is not addressed. Protect your company, your employees and your security investment by ensuring everyone in your organization is executing best practices when it comes to information security.
Disaster recovery and business continuity planning with ISO 9001
If you produce components for manufacturers who expect their suppliers to deliver on time and consistently to recognised standards, they …
ISO 27001 – PROTECTING YOUR BUSINESS AGAINST CYBER CRIME
Cyber crime is on the increase and reported incidents are regularly being publicised in the national press. Businesses can no …
ISO/IEC 27002:2013-Information technology — Security techniques — Code of practice for information security controls (second edition)
ISO/IEC 27002 is a popular, internationally-recognized standard of good practice for information security. ISO/IEC 27002’s lineage stretches back more than 30 years to the precursors of BS 7799.
ISO 27001-Information technology — Security techniques — Information security management systems — Requirements (second edition)
ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information risks (called ‘information security risks’ in the standard). The ISMS is an overarching management framework through which the organization identifies, analyzes and addresses its information risks. The ISMS ensures that the security arrangements are fine-tuned to keep pace with changes to the security threats, vulnerabilities and business impacts – an important aspect in such a dynamic field, and a key advantage of ISO27k’s flexible risk-driven approach as compared to, say, PCI-DSS.
The standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profits), all sizes (from micro-businesses to huge multinationals), and all industries or markets (e.g. retail, banking, defense, healthcare, education and government). This is clearly a very wide brief.
Five reasons why start-ups should care about ISO 27001
You might argue that effective defences, particularly those in line with the best practices described in ISO 27001, are a lot of hard work and red tape that don’t help you turn a profit.
But you’d be wrong. Here are five reasons why.
Infographic: List of data breaches in 2018
2018 saw some of the biggest data breaches yet, with Marriott, Under Armour and Facebook suffering breaches that affected 500 million, 150 million and 100 million people respectively.
It was also the year of the GDPR (General Data Protection Regulation), which changed the way organisations handle customers’ personal data and introduced hefty fines for non-compliance.
However, the Regulation didn’t seem to reduce the number of data breaches: there were approximately 2.3 billion last year, compared to 826 million in 2017…….
