Handle conflicts between multiple security guidelines (PCI-DSS, ISO 27001, GDPR, etc.)? [closed]

How does an organization handle conflicts between multiple security guidelines when it wants to be compliant with two or more of them?
I know that ISO 27002 can be used this way to have a common framework between multi…

What alternative standard for ISO 27001 can be used in Australia?

I am looking for alternatives that are less strict and less time consuming than ISO 27001. Australia is in the Commonwealth, so maybe Cyber Essentials Plus could work, but I do not know if that plays a part in it being recognized by the …

Does a customer who uses a cloud service provider with ISO27017 compliance, need their own certificate to be compliant themselves?

ISO 27017 advises both cloud service customers and providers. Microsoft Azure is compliant with ISO27017.

Let us say that a cloud service customer who uses Microsoft Azure wants to be compliant with ISO27017 – I assume that…

Expressing the risk of not having a security policy (e.g. ISO 27002, chapter 5)

How do I express non-compliance to ISO 27002 chapter 5 as a risk?

The basic principle of an ISMS according to ISO 27001 is a risk-based approach. Following this, every control of Annex A (ISO 27002) needs to be evaluated and included or (…