ISO/IEC 27001 certification positions organisations to mitigate information security and cybersecurity risk. ISO/IEC 27001, often abbreviated as ISO 27001, was published collaboratively by the International…
Achieving ISO 27001 Certification acts as a business differentiator, affirming to suppliers, stakeholders and clients that your business takes information security management seriously. Certification demonstrates…
Just as a building is only as good as its foundation, your ISO 27001 certification is only as good as the scope of your…
The ISO 27001 control for protection from malware is often interpreted as nothing more than anti-virus or anti-malware software, with organisations assuming that purchasing an enterprise AV solution will…
Monitoring, measurement, analysis and evaluation of the ISMS is a requirement of ISO 27001:2013 that many organisations get stuck on. The standard requires the organisation…
When looking into computer storage at a low level, one term that often comes up is RAID storage, and the standard RAID levels. But what…
Under ISO 27001, network segmentation, otherwise known as network segregation, consists of splitting the network into sub-networks (or subnets) for security, performance or usability…
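Segmentation only delivers security value if traffic between the subnets is governed by an explicit, default-deny policy. The following is an added illustration (not code from the article or its author): it carves a parent range into subnets, assigns each a role, and audits a handful of constructed flows against an allow-list between segments. The segment names, address ranges, ports and flows are all invented for the example.

```python
import ipaddress

# Constructed example: one /22 carved into four /24 segments, each with a role.
# Names and ranges are assumptions for the demonstration, not a real network.
SEGMENTS = {
    "corp-users": ipaddress.ip_network("10.10.0.0/24"),
    "servers":    ipaddress.ip_network("10.10.1.0/24"),
    "ot":         ipaddress.ip_network("10.10.2.0/24"),
    "guest":      ipaddress.ip_network("10.10.3.0/24"),
}

# Allow-list between segments: (source, destination) -> permitted TCP ports.
# Anything not listed is denied, i.e. default-deny between segments.
POLICY = {
    ("corp-users", "servers"): {443},
}


def carve(parent: str, new_prefix: int):
    """Split a parent network into equal subnets (e.g. a /22 into /24s)."""
    return list(ipaddress.ip_network(parent).subnets(new_prefix=new_prefix))


def segment_of(ip: str):
    """Return the segment name an address belongs to, or None if unassigned."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src: str, dst: str, port: int) -> bool:
    """Apply the segmentation policy to a single flow.

    Intra-segment traffic is permitted (an assumption of this example);
    inter-segment traffic must match an explicit POLICY entry; addresses
    outside every segment are denied.
    """
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return False
    if s == d:
        return True
    return port in POLICY.get((s, d), set())


def audit(flows):
    """Return the flows that violate the segmentation policy."""
    return [f for f in flows if not is_allowed(*f)]


# Constructed sample flows (source, destination, destination port).
FLOWS = [
    ("10.10.0.15", "10.10.1.20", 443),   # user -> server HTTPS: allowed
    ("10.10.3.7",  "10.10.1.20", 443),   # guest -> server: no policy entry, denied
    ("10.10.0.15", "10.10.2.9",  502),   # user -> OT Modbus: denied
    ("10.10.1.20", "10.10.1.21", 5432),  # server -> server, same segment: allowed
    ("192.0.2.1",  "10.10.1.20", 443),   # outside any segment: denied
]

if __name__ == "__main__":
    print("subnets:", [str(n) for n in carve("10.10.0.0/22", 24)])
    for flow in audit(FLOWS):
        print("VIOLATION:", flow)
```

Running the audit over captured firewall or NetFlow records in the same shape is a cheap way to evidence that the segmentation actually holds, rather than asserting it from a diagram.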
What are information security objectives in ISO 27001? Who should define these? And why are they important? These are some of the common questions we…
What does regulation of cryptographic controls in ISO 27001 mean? The standard talks of the use of cryptographic controls in accordance with relevant laws, legislation…
ISO 27001:2013 requires organisations to actively identify non-conformities and take corrective action. But what is the difference between a non-conformance report…