Julia Dutton Archive
Companies starting out with an information security programme often resort to spreadsheets when tackling the risk assessment. There are, however, a number of reasons spreadsheets aren’t the best way to go: They’re prone to user input errors. Setting up and …
ISO 27001 is the most popular information security standard worldwide, and organisations that have achieved compliance with the Standard can use it to prove that they are serious about the information they handle and use. ISO 27001 is the globally …
It’s everywhere, popping up all over the place, seemingly out of control. Ransomware is a particular nasty form of cyber attack where an employee (or maybe even you!) is duped into clicking on a fake popup advertisement or visiting …
An annual cyber security maturity self-assessment completed by 878 individuals in 24 industries (The RSA Cybersecurity Poverty Index™ 2016) revealed that companies generally lack the ability to catalogue, assess and mitigate cyber risks, with 45% reporting that the capability to …
Those who have conducted a risk assessment according to the requirements of ISO 27001 and ISO 27005 would agree that the process is not very clear for newcomers to the Standard. For starters, there are so many factors to consider, …
Conducting an asset-based risk assessment requires the identification of information assets as a first step. If you are certifying to ISO 27001:2013 and have chosen to follow an asset-based risk assessment methodology, you will logically need to compile a list …
The Statement of Applicability (SoA) is one of the key documents in an ISO 27001 information security management system (ISMS). It identifies the controls you have selected to address the risks that were identified in the risk assessment process, explains …
An ISO 27001 audit – whether the actual certification audit or an internal audit – can be quite intimidating, especially if it’s the first time that your ISMS (information security management system) has been audited. The best way to succeed …
Gavin (Guang) Duan, (IRCA certified ISMS Auditor), is a compliance specialist at a division of an international automated sortation technology company that employs over 4,000 employees in 70 countries. One of Gavin’s responsibilities, along with a team of four others, …
Defending your organisation from information security risks without knowing what those risks are is like blind target practice: you’ll keep missing your opponent. A risk assessment gives the organisation a specific, defined set of targets to aim for, and for …
