dcsimg

3 essential controls that can keep your organisation safe from cyber threats

Organisations that want a proven, structured approach to information security should look no further than ISO 27001. The Standard describes best practice for implementing and maintaining an ISMS (information security management system), which is built around a system of controls that protects your information from a wide variety of threats. The full list of controls is listed in Annex A of … [Read more...]

What is an information security policy?

An information security policy is a set of instructions that an organisation gives its staff to help them prevent data breaches. Employees are involved in many of the most common causes of security incidents, whether directly (such as accidental breaches) or indirectly (such as phishing scams), so thorough guidelines are essential. How do you create information security policies? Your … [Read more...]

What is an ISO 27001 risk assessment and how should you report on it?

An ISO 27001 risk assessment helps organisations identify, analyse and evaluate weaknesses in their information security processes. It’s a core part of ISO 27001 compliance, informing organisations’ decisions regarding the risks that must be addressed and how they should be tackled. Getting the risk assessment process right is obviously important, but you must remember that it’s only the first … [Read more...]

Further your career with certified ISO 27001 training

At IT Governance Europe, we believe that an ISO 27001 qualification is something that every cyber security professional should have. As such, we’ve made our ISO 27001 courses available in classrooms, online and in-house. These courses have been designed to teach attendees the skills required to plan, implement, maintain and audit a best-practice information security management system (ISMS) in … [Read more...]

Securing 2019 with ISO 27001

2018 was a mixed bag for information security. According to the Identity Theft Resource Center’s 2018 End-of-Year Data Breach Report, there were fewer recorded data breaches compared to 2017, but there was a 126% increase in the number of breached records. As you might expect, the business sector suffered both the most data breaches (571 of 1,244 total) and the highest number of breached … [Read more...]

Have you met the PCI SSC’s new QSA requirements?

As of 2019, the qualification requirements for QSAs (Qualified Security Assessors) have become much tougher. Assessors must now gain an information security and an IT audit certificate. Under the previous rules, QSAs were only required to hold one of those qualifications. The rule change took effect on 1 January 2019 for new QSAs. Those who were already qualified have until 1 July 2019 to gain … [Read more...]

What is ISO 27001 certification?

ISO 27001 certification demonstrates that an organisation has met the requirements of the international standard for information security. This is hugely beneficial compared to simply following the Standard’s requirements, because it provides proof of the effectiveness of your security systems and satisfies the demands of clients and regulators. The ISO 27001 certification process Before … [Read more...]

How to document your information security policy

Information security policies play a vital role in organisational security. Getting your policy right will give you an excellent framework to build on, making sure that all your efforts follow a single goal. But if you get it wrong, you risk neglecting key issues and exposing yourself to data breaches. To make sure you get off on the right track, we’ve taken some advice from Alan Calder and … [Read more...]

Still struggling with the GDPR? Here’s how you can get started

The GDPR (General Data Protection Regulation) has been in effect for more than seven months now, but many organisations still aren’t fully compliant with its requirements, and some are still only just getting started.  That’s obviously not ideal, but the good news is that organisations that are still working towards compliance don’t need to feel as though they’ve left … [Read more...]

What’s the difference between an ISO 27001 risk assessment and gap analysis?

The ISO 27001 implementation and review process centres upon the risk assessment and gap analysis process. These two pivotal steps provide you with the bulk of the information you need comply with the Standard, so it’s essential that you get them right. The problem is that the two processes are very similar, meaning organisations can easily confuse the two and jeopardise their compliance … [Read more...]