事業継続戦略はお金の節約になるか
あなたは事業継続管理/BS 25999-2規格の導入を検討中ですね。けれども、大変なコストがかかるという話を聞きましたね。 確かにコストはかかりますが、必ずしもあなたが思っている程ではありません。コストの問題は、すぐれた事業継続戦略があれば解決できます。 事業継続戦略とは、BS...
View ArticleBCM懐疑論者に対処する方法
あなたは、BCMは「不可能」「不要」「大災害時には役に立たない」などと言われた事はありませんか。事業継続管理を導入した人なら、おそらくあるはずです。このような態度はもちろんプロジェクトの邪魔になるので、そのような人に対処する方法をいくつか教えましょう。 「大災害が発生した場合には、どうすることもできない」 これがおそらく最も多い批判でしょう。...
View ArticleBS 25999-2導入チェックリスト
経営陣から事業継続を導入する仕事を与えられたのに、どうしていいかよくわからないとおっしゃる。 これは簡単な仕事ではありませんが、BS 25999-2の方法論を援用することで楽になります。以下は、この規格を導入するために必要な主な手順です。 1. 経営陣の支援を得る これはBS...
View ArticleAccreditation vs. certification vs. registration in the ISO world
Things with ISO standards can get really complicated: there are many ISO management standards – the most popular ones are ISO 9001, ISO 14001, ISO 27001, ISO 22301, ISO 20000, etc. – and there are a...
View ArticleISO 27001 vs. ITIL: Similarities and differences
IT services are one of the main pathways for information to flow through organizations, their clients and partners, and as legal and contractual requirements are increasingly including information...
View ArticleClear desk and clear screen policy – What does ISO 27001 require?
Imagine this scene: an employee at his desk, in an open-plan office, is reviewing on his notebook some data to prepare a report about the last quarter financial results, or the pre-selling performance...
View ArticleThe challenging role of the ISO 22301 BCM Manager
The Business Continuity Management (BCM) manager plays a pivotal role in the implementation of a BCM approach. As such, the role faces multiple challenges, from both top management and key process...
View ArticleISO 27001 Internal Auditor training – Is it good for my career?
With business processes under constant pressure from management, customers, and other interested parties, to protect information exactly as requested, by means of technical specifications, legal...
View ArticleISO 31010: What to use instead of the asset-based approach for ISO 27001 risk...
One of the most significant changes in the 2013 version of ISO 27001, a worldwide standard for Information Security Management Systems, is that it does not prescribe any approach in the risk assessment...
View Article3 strategies to implement any ISO standard
If you’re considering the implementation of ISO 27001, ISO 9001, ISO 14001, ISO 20000, or any other ISO management standard, you’re probably overwhelmed with various approaches on how to start and...
View ArticleHow to implement equipment physical protection according to ISO 27001 A.11.2...
Most of the companies today have controls to protect themselves from malicious software (viruses, trojans, etc.), to prevent employees from accessing malicious sites (filtering addresses through proxy...
View ArticleHow to implement equipment physical protection according to ISO 27001 A.11.2...
As I mentioned in my previous article How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 1, having good solution software to protect the information security is not...
View ArticleHow to use the NIST SP800 series of standards for ISO 27001 implementation
Although ISO 27001, an international standard for information security management, provides control objectives and controls that cover a wide range of security issues, they are not exhaustive. Thus,...
View ArticleHow to use NIST SP 800-53 for the implementation of ISO 27001 controls
In my previous article, How to use the NIST SP800 series of standards for ISO 27001 implementation, I made a description about the NIST SP800 series (documents describing computer security practices,...
View ArticleHow to use NIST SP 800-53 for the implementation of ISO 27001 controls
In my previous article, How to use the NIST SP800 series of standards for ISO 27001 implementation, I made a description about the NIST SP800 series (documents describing computer security practices,...
View Article4 mitigation options in risk treatment according to ISO 27001
Most people think risk assessment is the most difficult part of implementing ISO 27001 – true, risk assessment is probably the most complex, but risk treatment is definitely the one that is more...
View Article4 mitigation options in risk treatment according to ISO 27001
Most people think risk assessment is the most difficult part of implementing ISO 27001 – true, risk assessment is probably the most complex, but risk treatment is definitely the one that is more...
View ArticleWhat is an Information Security Management System (ISMS) according to ISO 27001?
If you’ve started an ISO 27001 implementation, you’ve surely come up with the term Information Security Management System or ISMS. Pretty vague term, isn’t it? And yet, the ISMS is the main “product”...
View ArticleWhat is an Information Security Management System (ISMS) according to ISO 27001?
If you’ve started an ISO 27001 implementation, you’ve surely come up with the term Information Security Management System or ISMS. Pretty vague term, isn’t it? And yet, the ISMS is the main “product”...
View ArticleWhat should you write in your Information Security Policy according to ISO...
Content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001 – very often the purpose of this document is misunderstood, and in many cases people tend to think...
View Article
More Pages to Explore .....