ISO 27001 Archive
One of the key compliance requirements of ISO 27001 is to create an asset inventory. This is a list of information assets that an organisation owns, including fixed assets such as property and equipment, as well as intangible assets such …
Information security is often considered in terms of cyber threats, such as criminal hacking and fraud, but it’s just as much about physical and environmental risks. This includes things such as the improper disposal of physical records, unauthorised personnel in …
Organisations that are looking to improve their information security posture are probably familiar with ISO 27001. It’s the international standard that describes best practice for an ISMS (information security management system), and it provides a framework for implementing appropriate processes …
Information security risk assessments help organisations understand the threats they face and the treatment options they should consider. The assessment should be performed regularly – either once a year or whenever there are significant organisational changes – because the threat …
A centralised cyber security risk register is a document that includes information about an organisation’s threat environment. It contains information on potential cyber security risks. Usually it acts as evidence that an organisation has implemented an ISMS (information security management …
One of the core aspects of an information security risk assessment is identifying the threats your organisation faces. We recommend that you follow the best practices outlined in ISO 27001 when doing this. The international standard provides a framework for …
For all the attention that organisations pay to their ISO 27001 risk assessment, it’s worth remembering that there’s an additional step afterwards – risk treatment. This is where you take the risks that you’ve identified and decide how to deal …
If organisations are to protect their sensitive data, they need to understand the three core components of information security: threat, vulnerability and risk. Those unfamiliar with the technicalities of information security might assume that these terms are interchangeable, but that’s …
Personal data is the lifeblood of many organisations, but it is becoming increasingly important to manage the way that information is used. Organisations that fail to do so risk data breaches, reputational damage, lost time and financial repercussions. This is …
Risk assessments are at the heart of ISO 27001, yet they often have a reputation for being time-consuming and difficult. So how long should the risk assessment process take? The answer depends on which tool you use. Risk assessment tools …