ISO 27001 Archives - Page 2 of 35

How to create an ISO 27001-compliant risk treatment plan

Luke Irwin 3rd May 2019 Cyber Security, ISO 27001

An RTP (risk treatment plan) is an essential part of an organisation’s ISO 27001 implementation process, as it documents the way your organisation will respond to identified threats. It’s one of the mandatory documents you must complete as part of …

[Continue Reading...]

ISO 27001 Lead Implementer, Lead Auditor and Internal Auditor – what’s the difference?

Luke Irwin 25th April 2019 Cyber Security, ISO 27001, Training

A version of this blog was originally published on 25 June 2018. Anyone interested in getting into or advancing their career in cyber security probably knows that they will need training and qualifications. But given that the field is so …

[Continue Reading...]

ISO 27001 checklist: a step-by-step guide to implementation

Luke Irwin 18th April 2019 ISO 27001

We’re not going to lie: implementing an ISO 27001-compliant ISMS (information security management system) can be a challenge. But as the saying goes, nothing worth having comes easy, and ISO 27001 is definitely worth having. If you’re just getting started …

[Continue Reading...]

The importance of the Statement of Applicability in ISO 27001 – with template

Chloe Biscoe 15th April 2019 Cyber Security, ISO 27001

A version of this blog was originally published on 9 November 2017. Documentation is a crucial part of any ISO 27001 implementation project, and one of the most important documents you need to complete is the SoA (Statement of Applicability). …

[Continue Reading...]

Law firms tackle cyber threats with ISO 27001

Paula Fagan 9th April 2019 Cyber Security, ISO 27001, Law Firms, Professional Services

Information security management remains a serious issue for the legal sector, with law firms reporting an increase in targeted attacks in 2018. Large volumes of client funds and confidential information are irresistible to cyber criminals, so it is unsurprising that …

[Continue Reading...]

The damaging after-effects of a data breach

Annabelle Graham 9th April 2019 ISO 27001

This blog has been updated to reflect industry updates. Originally published December 2017. With the number of data breaches increasing every year, they are now a huge issue for organisations. 46% of all UK businesses identified at least one cyber …

[Continue Reading...]

Understanding the differences between ISO 27001 and ISO 27002

Luke Irwin 2nd April 2019 ISO 27001

Anyone with an interest in information security will have encountered ISO 27001, the international standard that describes best practice for an ISMS (information security management system). However, you might not be as familiar with ISO 27002. It’s a supplementary standard …

[Continue Reading...]

ISO 27001: The 14 control sets of Annex A explained

Luke Irwin 18th March 2019 ISO 27001

ISO 27001 is the international standard that describes best practice for an ISMS (information security management system). The Standard takes a risk-based approach to information security, requiring organisations to identify threats to their organisation and select appropriate controls to tackle …

[Continue Reading...]

Requirements for achieving ISO 27001 certification

Melanie Watson 14th March 2019 ISO 27001, Toolkits

This blog has been updated to reflect industry updates. Originally published 24 March 2016. Although ISO 27001 is built around the implementation of information security controls, none of them are universally mandatory for compliance. That’s because the Standard recognises that …

[Continue Reading...]

Gambling trade bodies are creating a powerful lobbying group amid strengthening regulations

Genevra Champion 13th March 2019 ISO 27001, PCI DSS, Retail

IT Governance has been working with gambling operators for more than 15 years, helping them to comply with a range of regulations, so we were interested to see evidence that two of the UK’s biggest gambling trade bodies are set …

[Continue Reading...]