Julia Dutton Archive
ISO 27001 audits can be intimidating, especially if it’s the first time that your ISMS (information security management system) has been audited. So how can you make sure you’re doing everything that you should? This blog helps you settle your …
The concepts of data privacy and data security might sound similar, but each involves a totally different set of processes and skills for comprehensive data governance. Data privacy relates to the protection of PII (personally identifiable information) – payment card …
Companies starting out with an information security programme often resort to spreadsheets when tackling the risk assessment. There are, however, a number of reasons spreadsheets aren’t the best way to go: They’re prone to user input errors. Setting up and …
ISO 27001 is the most popular information security standard worldwide, and organisations that have achieved compliance with the Standard can use it to prove that they are serious about the information they handle and use. ISO 27001 is the globally …
It’s everywhere, popping up all over the place, seemingly out of control. Ransomware is a particular nasty form of cyber attack where an employee (or maybe even you!) is duped into clicking on a fake popup advertisement or visiting …
An annual cyber security maturity self-assessment completed by 878 individuals in 24 industries (The RSA Cybersecurity Poverty Index™ 2016) revealed that companies generally lack the ability to catalogue, assess and mitigate cyber risks, with 45% reporting that the capability to …
Those who have conducted a risk assessment according to the requirements of ISO 27001 and ISO 27005 would agree that the process is not very clear for newcomers to the Standard. For starters, there are so many factors to consider, …
Conducting an asset-based risk assessment requires the identification of information assets as a first step. If you are certifying to ISO 27001:2013 and have chosen to follow an asset-based risk assessment methodology, you will logically need to compile a list …
The Statement of Applicability (SoA) is one of the key documents in an ISO 27001 information security management system (ISMS). It identifies the controls you have selected to address the risks that were identified in the risk assessment process, explains …
Gavin (Guang) Duan, (IRCA certified ISMS Auditor), is a compliance specialist at a division of an international automated sortation technology company that employs over 4,000 employees in 70 countries. One of Gavin’s responsibilities, along with a team of four others, …
