Julia Dutton Archive
ISO 27001 audits can be intimidating, especially if it’s the first time that your ISMS (information security management system) has come under scrutiny. So how can you make sure you’re doing everything that you should? This blog helps settle your …
When you’re considering your organisation’s cyber security measures, there are two things you must consider: do these controls work now, and will these controls work in the future? The first issue is comparatively easy to assess, because any solution you …
When it comes to ISO 27001 compliance, the SoA (Statement of Applicability) is one of the key documents you must complete. It identifies the controls you have selected to address information security risks, explains why those controls have been selected, …
ISO 27001 is the most popular information security standard worldwide, and organisations that have achieved compliance with the Standard can use it to prove that they are serious about the information they handle and use. ISO 27001 is the globally …
Those who are just getting to know ISO 27001 will no doubt find the audit a daunting prospect. It’s a big, complex task that can be tricky for even experienced professionals. But, as with many challenges, you can overcome any …
The concepts of data privacy and data security might sound similar, but each involves a totally different set of processes and skills for comprehensive data governance. Data privacy relates to the protection of PII (personally identifiable information) – payment card …
Companies starting out with an information security programme often resort to spreadsheets when tackling the risk assessment. There are, however, a number of reasons spreadsheets aren’t the best way to go: They’re prone to user input errors. Setting up and …
It’s everywhere, popping up all over the place, seemingly out of control. Ransomware is a particularly nasty form of cyber attack where an employee (or maybe even you!) is duped into clicking on a fake popup advertisement or visiting …
An annual cyber security maturity self-assessment completed by 878 individuals in 24 industries (The RSA Cybersecurity Poverty Index™ 2016) revealed that companies generally lack the ability to catalogue, assess and mitigate cyber risks, with 45% reporting that the capability to …
Those who have conducted a risk assessment according to the requirements of ISO 27001 and ISO 27005 would agree that the process is not very clear for newcomers to the Standard. For starters, there are so many factors to consider, …