One Information Security Policy, or several policies?
Dejan Kosutic
Very often I see questions on various forums on how to develop an Information Security Policy. Quite frankly, I don’t...
Very often I see questions on various forums on how to develop an Information Security Policy. Quite frankly, I don’t think it is a good idea to stuff all the security rules into a single...
5 criteria for choosing an ISO 22301 / ISO 27001 consultant
If you’re implementing ISO 27001 or ISO 22301 for the first time, you’re probably considering hiring a consultant to help...
If you’re implementing ISO 27001 or ISO 22301 for the first time, you’re probably considering hiring a consultant to help you. But, which consultant should you hire, what are the potential problems, and how much...
A first look at the new ISO 27001
Update 2013-09-25: This blog post was updated according to the final version of ISO 27001:2013 that was published on September...
Update 2013-09-25: This blog post was updated according to the final version of ISO 27001:2013 that was published on September 25, 2013. When I heard the news that the DIS (draft) version of ISO 27001:2013...
ISO 27000 series – What to expect in 2013?
Believe it or not, there are more than 30 standards in the ISO 27k series. And, to make things worse,...
Believe it or not, there are more than 30 standards in the ISO 27k series. And, to make things worse, they are constantly changing because information security theory and best practice are continuously evolving. Here’s...
4 reasons why ISO 27001 is useful for techies
Very often when I start ISO 27001 consulting job in a company I hear complaints from system administrators, IT managers,...
Very often when I start ISO 27001 consulting job in a company I hear complaints from system administrators, IT managers, and other IT staff like, “Oh no, now we’re going to get swamped with a...
5 ways to avoid overhead with ISO 27001 (and keep the costs down)
There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of...
There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of money for something we’re not sure is worth it; and (2) the annoyance of maintaining...
