fbpx

About admin

This author has not yet filled in any details.
So far admin has created 51 blog entries.

ISO27001 – Control 5.6 – Contact with Special Interest Groups

By |2024-04-11T14:58:45+01:00April 15th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.6 - Contact with Special Interest Groups Control The organization shall establish and maintain contact with special interest groups or other specialist security forums and professional associations. What this means As an organization, it's important to establish and maintain contact with special interest groups, security forums, and professional associations related to information security. Why is this important? The goal is to ensure there is an appropriate flow of information when it comes to information security. How can you do this? Here are some [...]

Read More
 0

ISO27001 – Control 5.5 – Contact with Authorities

By |2024-05-16T11:52:17+01:00April 8th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.5 - Contact with Authorities Control The organization should establish and maintain contact with relevant authorities. What this means The aim of this control is to ensure an open dialogue with regard to information security and incidents between the organisation and relevant legal, regulatory, and supervisory authorities. This means the organization should: Identify the proper authorities to contact about information security issues. This could include law enforcement, regulatory agencies, supervisory bodies, etc. List the proper authorities, usually in your interested parties policy. Decide [...]

Read More
 0

Embracing Least Privilege for Stronger Information Security

By |2024-03-29T12:00:15+00:00April 1st, 2024|Cyber Security, ISO 27001 Controls|

Embracing Least Privilege for Stronger Information Security The principle of least privilege is a fundamental concept in information security that aims to restrict user access rights to only what is essential for performing their job role. By granting users the minimum level of access necessary, organisations can significantly reduce the risk of accidental or intentional misuse of sensitive data and systems. Least Privilege requires software and folders to be managed in a way that each user's access can be restricted to that information that they need [...]

Read More
 0

Can I use a consultant in a different country to help us achieve ISO27001 certification?

By |2024-03-14T14:28:35+00:00March 18th, 2024|ISO27001 Implementation|

Can I use a consultant in a different country to help us achieve ISO27001 Certification? We are frequently asked this question, particularly by companies from the United States who want to work with us. In today's business landscape, information security knows no borders. As organisations increasingly operate across multiple regions and engage in cross-border transactions, the need for a standard approach to information security has never been more critical. That's where ISO 27001 comes in. It's an international standard that gives a proven framework for information [...]

Read More
 0

ISO27001 – Control 5.4 – Management Responsibilities

By |2024-03-11T12:09:45+00:00March 12th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.4 - Management Responsibilities Control Management should require all personnel to apply information security in accordance with the established information security policy, topic-specific policies and procedures of the organisation. What this means   For an organisation to effectively protect its information assets, it's not enough to just have security policies and procedures in place. The employees and personnel who handle that information daily need to be aware of the policies and diligent about following them. But ensuring this level of security awareness and [...]

Read More
 0

ISO27001 – Control 5.3 – Segregation of Duties

By |2024-03-05T11:27:19+00:00March 5th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.3 - Segregation of Duties Control Conflicting duties and conflicting areas of responsibility should be segregated. What this means The purpose of this control is to ensure appropriate segregation of duties is in place to reduce the risks of fraudulent activities, human errors, and intentional bypassing of security controls that could compromise an organisation's information assets. In any organisation, there are certain roles and responsibilities that should never be combined under a single individual. This is because concentrating too many roles or privileges [...]

Read More
 0

ISO27001 – Control 5.2 – Information Security Roles and Responsibilities

By |2024-04-19T16:39:05+01:00March 1st, 2024|ISO 27001 Controls|

ISO27001 - Control 5.2 - Information Security Roles and Responsibilities Control Information security roles and responsibilities should be defined and allocated according to the organization needs. What this means The purpose of this control is to ensure there is a formal approved structure for managing, implementing, and operating the information security management system (ISMS). When assigning security roles and responsibilities, an organisation should align responsibilities with the overarching information security policy and any other specific security policies. Common roles and responsibilities that should be covered include: [...]

Read More
 0

ISO27001 – Control 5.1 – Policies for Information Security

By |2024-02-21T15:08:20+00:00February 21st, 2024|ISO 27001 Controls|

ISO27001 - Control 5.1 - Policies for Information Security Control Information security policy and topic-specific policies should be defined, approved by management, published, communicated to and acknowledged by relevant personnel and relevant interested parties, and reviewed at planned intervals and if significant changes occur. What this means This control is all about the importance of having robust security information policies in place and reviewing them regularly. Information security policies provide the foundation for managing risks and protecting information assets and there are certain policies required by [...]

Read More
 0

Bring Your Own Device (BYOD) – The risks and rewards

By |2024-02-23T09:48:44+00:00January 23rd, 2024|Cyber Security, Information Security|

Bring Your Own Device (BYOD) is a popular policy where employees use personal devices for work. This typically means using personal smartphones or laptops to access company systems and data. While convenient, BYOD introduces cybersecurity risks that organisations must address. Failure to secure personal devices puts sensitive company information at risk. When employees access internal systems on insecure devices outside the corporate network, businesses lose control of that data. Without proper BYOD policies and controls, unauthorised users could access sensitive information if a device is lost, [...]

Read More
 0

How to Choose an ISO27001 Certification Body

By |2024-01-03T12:48:35+00:00January 3rd, 2024|ISO27001 Certification|

Choosing the Right ISO 27001 Certification Body Gaining ISO 27001 certification evidences that your organisation has implemented a robust information security management system (ISMS). A key decision to make on your ISO 27001 journey is selecting which certification body to work with for the formal certification process. Here are some tips on choosing the best ISO 27001 certification body for your needs: Make Sure They Are UKAS Accredited The United Kingdom Accreditation Service (UKAS) provides oversight to certification bodies operating in the UK. Confirm that potential [...]

Read More
 0

© Copyright | All Rights Reserved | Audit & Risk Professionals Llp | Registered in England and Wales, Company Number: OC393687. Registered Address: 2 Masefield Ave, Borehamwood, HERTS, WD6 2HQ | Privacy Policy |

Go to Top