Uporaba norme ISO 9001 za provedbu ISO 27001
Već ste uveli normu ISO 9001? Čuli ste da bi možda bilo dobro uvesti i normu ISO 27001? Ali kako vam nešto vezano za kvalitetu može pomoći u provedbi informacijske sigurnosti? Može, i više nego što...
View ArticleObvezne dokumentirane procedure propisane normom ISO 27001
Ako ste čuli da norma ISO 27001 propisuje mnogo procedura, to nije u potpunosti točno. Zapravo je prema normi potrebno dokumentirati samo četiri procedure: proceduru za upravljanje dokumentacijom,...
View ArticleSedam koraka za implementaciju politika i procedura
Je li vam se ikada dogodilo da ste dobili zadatak napisati sigurnosnu politiku ili proceduru? No ne želite da vaš dokument dijeli sudbinu mnogih drugih – da skuplja prašinu u nekoj zaboravljenoj...
View ArticleAccreditation vs. certification vs. registration in the ISO world
Things with ISO standards can get really complicated: there are many ISO management standards – the most popular ones are ISO 9001, ISO 14001, ISO 27001, ISO 22301, ISO 20000, etc. – and there are a...
View ArticleISO 27001 vs. ITIL: Similarities and differences
IT services are one of the main pathways for information to flow through organizations, their clients and partners, and as legal and contractual requirements are increasingly including information...
View ArticleClear desk and clear screen policy – What does ISO 27001 require?
Imagine this scene: an employee at his desk, in an open-plan office, is reviewing on his notebook some data to prepare a report about the last quarter financial results, or the pre-selling performance...
View ArticleThe challenging role of the ISO 22301 BCM Manager
The Business Continuity Management (BCM) manager plays a pivotal role in the implementation of a BCM approach. As such, the role faces multiple challenges, from both top management and key process...
View ArticleISO 27001 Internal Auditor training – Is it good for my career?
With business processes under constant pressure from management, customers, and other interested parties, to protect information exactly as requested, by means of technical specifications, legal...
View ArticleISO 31010: What to use instead of the asset-based approach for ISO 27001 risk...
One of the most significant changes in the 2013 version of ISO 27001, a worldwide standard for Information Security Management Systems, is that it does not prescribe any approach in the risk assessment...
View Article3 strategies to implement any ISO standard
If you’re considering the implementation of ISO 27001, ISO 9001, ISO 14001, ISO 20000, or any other ISO management standard, you’re probably overwhelmed with various approaches on how to start and...
View ArticleHow to implement equipment physical protection according to ISO 27001 A.11.2...
Most of the companies today have controls to protect themselves from malicious software (viruses, trojans, etc.), to prevent employees from accessing malicious sites (filtering addresses through proxy...
View ArticleHow to implement equipment physical protection according to ISO 27001 A.11.2...
As I mentioned in my previous article How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 1, having good solution software to protect the information security is not...
View ArticleClik here to view.
How to use the NIST SP800 series of standards for ISO 27001 implementation
Although ISO 27001, an international standard for information security management, provides control objectives and controls that cover a wide range of security issues, they are not exhaustive. Thus,...
View ArticleClik here to view.
How to use NIST SP 800-53 for the implementation of ISO 27001 controls
In my previous article, How to use the NIST SP800 series of standards for ISO 27001 implementation, I made a description about the NIST SP800 series (documents describing computer security practices,...
View ArticleClik here to view.
How to use NIST SP 800-53 for the implementation of ISO 27001 controls
In my previous article, How to use the NIST SP800 series of standards for ISO 27001 implementation, I made a description about the NIST SP800 series (documents describing computer security practices,...
View ArticleClik here to view.
4 mitigation options in risk treatment according to ISO 27001
Most people think risk assessment is the most difficult part of implementing ISO 27001 – true, risk assessment is probably the most complex, but risk treatment is definitely the one that is more...
View ArticleClik here to view.
4 mitigation options in risk treatment according to ISO 27001
Most people think risk assessment is the most difficult part of implementing ISO 27001 – true, risk assessment is probably the most complex, but risk treatment is definitely the one that is more...
View ArticleClik here to view.
What is an Information Security Management System (ISMS) according to ISO 27001?
If you’ve started an ISO 27001 implementation, you’ve surely come up with the term Information Security Management System or ISMS. Pretty vague term, isn’t it? And yet, the ISMS is the main “product”...
View ArticleClik here to view.
What is an Information Security Management System (ISMS) according to ISO 27001?
If you’ve started an ISO 27001 implementation, you’ve surely come up with the term Information Security Management System or ISMS. Pretty vague term, isn’t it? And yet, the ISMS is the main “product”...
View ArticleClik here to view.
What should you write in your Information Security Policy according to ISO...
Content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001 – very often the purpose of this document is misunderstood, and in many cases people tend to think...
View Article
