Julia Dutton Archive
Those who are just getting to know ISO 27001 will no doubt find the audit a daunting prospect. It’s a big, complex task that can be tricky for even experienced professionals. But, as with many challenges, you can overcome any …
If you’re certifying to ISO 27001, one of the first things you need to do identify your information assets. After all, it’s only once you know what you’re dealing with that you determine the threats associated with them. Information assets …
ISO 27001 audits can be intimidating, especially if it’s the first time that your ISMS (information security management system) has been audited. So how can you make sure you’re doing everything that you should? This blog helps you settle your …
The concepts of data privacy and data security might sound similar, but each involves a totally different set of processes and skills for comprehensive data governance. Data privacy relates to the protection of PII (personally identifiable information) – payment card …
Companies starting out with an information security programme often resort to spreadsheets when tackling the risk assessment. There are, however, a number of reasons spreadsheets aren’t the best way to go: They’re prone to user input errors. Setting up and …
ISO 27001 is the most popular information security standard worldwide, and organisations that have achieved compliance with the Standard can use it to prove that they are serious about the information they handle and use. ISO 27001 is the globally …
It’s everywhere, popping up all over the place, seemingly out of control. Ransomware is a particular nasty form of cyber attack where an employee (or maybe even you!) is duped into clicking on a fake popup advertisement or visiting …
An annual cyber security maturity self-assessment completed by 878 individuals in 24 industries (The RSA Cybersecurity Poverty Index™ 2016) revealed that companies generally lack the ability to catalogue, assess and mitigate cyber risks, with 45% reporting that the capability to …
Those who have conducted a risk assessment according to the requirements of ISO 27001 and ISO 27005 would agree that the process is not very clear for newcomers to the Standard. For starters, there are so many factors to consider, …
The Statement of Applicability (SoA) is one of the key documents in an ISO 27001 information security management system (ISMS). It identifies the controls you have selected to address the risks that were identified in the risk assessment process, explains …
