Blog
We use this place to discuss random subjects. You may find some of them interesting...
The two approaches for information security risk identification proposed by ISO/IEC 27005:2022
ISO/IEC 27005 proposes two different approaches for risk identification. The event-based approach and the asset-based approach
Debunking some common myths about ISO/IEC 27001, the information security management system (ISMS) standard
ISO/IEC 27001 is a great tool for any organization looking to improve information security. However, there are some myths that should be debunked
Our new ISO/IEC 27001 Lead Auditor for Information Security course
We have published a brand new online course for information security management system auditors according to ISO/IEC 27001:2022
Implementing an ISMS: What standards to Use? ISO/IEC 27001, ISO/IEC 27002, or both?
ISO/IEC 27001 and ISO/IEC 27002 are essential standards in the world of information security management. You could think of them as ISO/IEC 27001 being the "what," and ISO/IEC 27002 being the "how."
How to become an information security management system (ISMS) auditor: requirements, benefits, and pathway
Becoming an ISMS auditor is a rewarding career path that offers both financial and professional growth opportunities
Redundancy of information processing facilities. A detailed overview of what ISO/IEC 27001:2022 requires
Information processing facilities must be implemented with sufficient redundancy to meet availability requirements.
The importance of screening as an information security control
The human element is often the weakest link in information security. A robust screening process helps mitigate the risks posed by insider threats.
Understanding networks segregation as an information security control in ISO/IEC 27001:2022
Groups of services, users and information systems should be segregated in the organization's networks