dcsimg

Nine steps to successful ISO 27001 implementation

It may be something of a cliché but, for information security management system (ISMS) projects, it is certainly true to say that ‘well begun is half-way done’. The person charged with leading an ISO/IEC 27001:2013 ISMS project has to reduce something that looks potentially complex, difficult and expensive in terms of time and resources, to something that everyone believes can be achieved in the … [Read more...]

IT Governance certified training now available in Amsterdam

IT Governance Europe is delighted to announce the launch of our latest classroom training courses in Amsterdam.   Starting in 2020, they offer attendees a structured learning path from foundation to advanced level, and enable IT, privacy and security practitioners to develop the skills needed to deliver best practice and compliance in organisations of all sizes.   Continual professional … [Read more...]

Why your organisation should implement ISO 27701

There’s a new standard for data privacy: ISO 27701. Released earlier this year as an extension to the ISO 27000 series, it provides essential guidance to help organisations protect sensitive information and meet data subject rights.  ISO 27701 fills a gap left by the GDPR (General Data Protection Regulation), which contains strict rules about privacy management but doesn’t advise organisations on … [Read more...]

The psychology of compliance

The human decision-making process is the preferred subject of psychologists and economists. Historically, they adopted an approach of viewing human behaviour as regular and highly predictable. This helped the researchers to build various models in order to comprehend social and economical phenomena. Such systems were compared by Karl Popper to reliable pendulum clocks.  One can take them apart and … [Read more...]

ISO 27701: the new international standard for data privacy

There’s a new standard for data privacy – ISO 27701. It’s the first document in the ISO 27000 series dedicated to privacy, explaining how organisations can create a PIMS (privacy information management systems) and meet best practices outlined in regulations such as the GDPR (General Data Protection Regulation).  Its controls will be very familiar to those who have adopted ISO 27001, the … [Read more...]

A guide to implementing and auditing ISO 27001

Information is one of your organisation’s most valuable assets. The objectives of information security are to protect the confidentiality, integrity and availability of information. These basic elements of information security help to ensure that an organisation can protect against:  sensitive or confidential information being given away, leaked or otherwise exposed, both … [Read more...]

How to write an information security policy – with template example

Information security policies are arguably the most important part of an organisation’s defences, as the biggest threat you face comes from employees.  Whether they’re making honest mistakes, ignoring instructions or acting maliciously, employees are always liable to compromise information. Technological defences can help mitigate the damage, but these must be accompanied by effective information … [Read more...]

What is ISO 27001 and why should your organisation adopt it?

If you’re considering implementing ISO 27001, the international standard for information security, you’ve probably heard experts like us talk about the benefits.  But what exactly does the Standard do, and how does it help your organisation? This blog will answer both those questions.    What is ISO 27001?  ISO 27001 is the international standard that describes best practice for an ISMS … [Read more...]

How cyber insurance can help you manage information security risks

For years, organisations have been looking for ways to avoid the potentially catastrophic consequences of data breaches. They might have finally found the answer in the form of cyber insurance.  Like any insurance policy, cyber insurance helps cover the costs associated with relevant damages. This includes things like loss of productivity, assisting those affected by the breach and fixing … [Read more...]

ISO 27001 compliance might be easier than you think

Want to know how you can protect your organisation from cyber attacks and data breaches? Who doesn’t? That’s why you should take our ISO 27001 self-assessment questionnaire.  This five-minute survey asks you about your current defence measures and explains how you can align your practices with ISO 27001, the international standard for information security.   What does ISO 27001 do?  ISO … [Read more...]