Collaborate Disseminate
One of the most important steps when conducting an ISO 27001 risk assessment is to select risk owners to manage specific threats and vulnerabilities. Choosing the right person is crucial, because not only should the owner of each risk be someone for wh… Continue reading How to get multiple risk owners contributing to a risk assessment
ISO 27001 is the international standard for an ISMS (information security management system), a best-practice approach to security that helps organisations achieve all of their data privacy compliance objectives. If you are currently weighing up your o… Continue reading 3 myths about ISO 27001 certification
An ISO 27001 risk assessment should have five key steps. In this blog, we look at the second step in the process: identifying the risks that organisations face. How to identify threats You must determine which can compromise the confidentiality, integr… Continue reading Top 10 risks to include in an information security risk assessment
ISO 27005 describes the risk management process for information and cyber security. It’s part of the ISO 27000 series, which means its advice is part of a wider set of best practices for to protect your organisation from data breaches. As with every st… Continue reading ISO 27005 and the risk assessment process
The risk treatment plan is one of the mandatory documents that must be produced as part of a certified ISO 27001 ISMS (information security management system). It provides a summary of each of the identified risks, the responses that have been designed… Continue reading How to produce a risk treatment plan
Whether you’re addressing cyber security on your own, following ISO 27001 or using the guidance outlined in the GDPR (General Data Protection Regulation), the process begins by assessing the risks you face. You might have a broad idea of what a r… Continue reading Risk terminology: Understanding assets, threats and vulnerabilities
Clause 6 of ISO 27001 is one of the most important aspects for compliance, as it covers the actions you must take to address information security risks. Everything else you do to meet the Standard’s requirements informs or revolves around the ste… Continue reading Managing risks according to Clause 6 of ISO 27001
Those who are just getting to know ISO 27001 will no doubt find the audit a daunting prospect. It’s a big, complex task that can be tricky for even experienced professionals. But, as with many challenges, you can overcome any concerns by preparin… Continue reading What to expect from Stage 1 and Stage 2 ISO 27001 audits
We’re back with another round-up of some of the most notable information security stories of the past month. In this edition, we discuss a hospital employee who abused their power to contact patients, an update on last year’s Ticketmaster d… Continue reading Monthly cyber security review: December 2019
If you’re certifying to ISO 27001, one of the first things you need to do identify your information assets. After all, it’s only once you know what you’re dealing with that you determine the threats associated with them. Information a… Continue reading Identifying assets for conducting an asset-based risk assessment