The documentation myth – Why the templates are not enough?
Dejan Kosutic
I noticed that many people running ISO 27001 projects who have downloaded documentation templates think “I have the templates now...
I noticed that many people running ISO 27001 projects who have downloaded documentation templates think “I have the templates now – the rest is easy. I’ll write a few documents, show them to auditor, and...
ISO 27001 control objectives – Why are they important?
Note: this article was updated according the 2013 version of ISO 27001 Peter Drucker (one of the most influential thinkers...
Note: this article was updated according the 2013 version of ISO 27001 Peter Drucker (one of the most influential thinkers on the subject of management theory) said “What gets measured gets managed”. The same goes...
Lessons learned from ISO 27001 implementation
Many readers of this blog asked me to present a real-life experience of ISO 27001 implementation in a company. Since...
Many readers of this blog asked me to present a real-life experience of ISO 27001 implementation in a company. Since I would be too subjective if I started writing my own impressions, I decided to...
Do you really need a consultant for ISO 27001 / BS 25999 implementation?
I’ve met quite a few companies considering how to start their ISO 27001 / BS 25999 project, with quite different...
I’ve met quite a few companies considering how to start their ISO 27001 / BS 25999 project, with quite different approaches – some are convinced they can do it completely on their own (with no...
What is cybersecurity and how can ISO 27001 help?
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but...
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but at least the general idea is pretty much the same. However, when it comes to...
How to deal with insider threats?
“Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this...
“Your ISO 27001 is nice in theory, but if our system administrator goes crazy, we’re dead.” – I hear this quite often when speaking to my clients about which security controls they should apply. And...
