
ISO 27001 and the importance of employees

Anyone familiar with ISO 27001 will know about the three pillars of information security: people, processes and technology. The latter two tend to generate the most attention among managers, because they are the easiest to implement. All you need to do is find an appropriate solution (like anti-malware software or a Cloud services provider), make the purchase and set it up. The people side of …

Nine steps to successful ISO 27001 implementation

It may be something of a cliché but, for information security management system (ISMS) projects, it is certainly true to say that ‘well begun is half-way done’. The person charged with leading an ISO/IEC 27001:2013 ISMS project has to reduce something that looks potentially complex, difficult and expensive in terms of time and resources, to something that everyone believes can be achieved in the …

Worried about data breaches? Check out our 8-step incident response guide

The key to a successful cyber security strategy is preparation. If you have a plan for how to manage data breaches and other disruptions, you can get to work on remediation immediately. And what’s more, everyone in your organisation knows their roles. There’ll be no one wandering around unsure what to do as a crisis unfolds. Instead, people will turn to management, who can relay instructions and …

IT Governance certified training now available in Amsterdam

IT Governance Europe is delighted to announce the launch of our latest classroom training courses in Amsterdam. Starting in 2020, they offer attendees a structured learning path from foundation to advanced level, and enable IT, privacy and security practitioners to develop the skills needed to deliver best practice and compliance in organisations of all sizes. Continual professional …

Why your organisation should implement ISO 27701

There’s a new standard for data privacy: ISO 27701. Released earlier this year as an extension to the ISO 27000 series, it provides essential guidance to help organisations protect sensitive information and meet data subject rights. ISO 27701 fills a gap left by the GDPR (General Data Protection Regulation), which contains strict rules about privacy management but doesn’t advise organisations on …

How to identify and respond to cyber threats

“How can we avoid cyber attacks?” That’s the question every organisation is asking as the threat of cyber crime continues to spiral. It’s easy to point to solutions like anti-malware software or encrypting sensitive information, but as we explain in this blog, things are rarely that simple. That’s because threats come in many forms, and it takes a holistic approach to deal with them …

ISO 27001 qualifications: Lead Auditor or Lead Implementer?

If you’re new to ISO 27001, the international standard for information security management, you might be finding it difficult to choose a training course that suits your needs. A problem many people have is deciding between a lead auditor and a lead implementer training course. What’s the difference between the two? It really is as obvious as it sounds: an implementer implements an ISMS …

The psychology of compliance

The human decision-making process is the preferred subject of psychologists and economists. Historically, they adopted an approach of viewing human behaviour as regular and highly predictable. This helped the researchers to build various models in order to comprehend social and economic phenomena. Such systems were compared by Karl Popper to reliable pendulum clocks. One can take them apart and …

Protect your information assets with effective risk management

In today’s information economy, the development, exploitation and protection of information and associated assets are key to the long-term competitiveness and survival of corporations and entire economies. The protection of information and associated assets – information security – is therefore overtaking physical asset protection as a fundamental corporate governance responsibility. An …

ISO 27701: the new international standard for data privacy

There’s a new standard for data privacy – ISO 27701. It’s the first document in the ISO 27000 series dedicated to privacy, explaining how organisations can create a PIMS (privacy information management system) and meet best practices outlined in regulations such as the GDPR (General Data Protection Regulation). Its controls will be very familiar to those who have adopted ISO 27001, the …