Pentests are required for ISO 27001 or SOC2 audits: download pdf Why do organizations need to conduct a penetration test?

ISO is shaking up the familiar structure of the ISO 27001/27002 control framework after over 20 years of stability.  Originally published as British Standard BS 7799 Part 1 and 2 in the late 1990s, adopted as the ISO 17799 standard in 2000, and then renumbered as ISO 27001/27002, the name has changed a few times […]

Introduction and Background As required by ISO27001 the risks identified in the risk assessment need to be ones that if they happened would result in the loss of Confidentiality Integrity and/or Availability (CIA) of information in the scope of the ISMS. As also required by ISO27001 those controls that are necessary to modify each risk […]

The importance of the Statement of Applicability in ISO 27001 – with template Chloe Biscoe  23rd March 2021 Documentation is a crucial part of any ISO 27001 implementation project, and one of the most important documents you need to complete is the SoA (Statement of Applicability). In this blog, we explain what an SoA is, why it’s […]

Download pdf: Steps to implement ISMS Distance Learning Training Courses

We often are asked if FAIR™, the international standard for cyber and technology risk quantification and the basis of the RiskLens platform, is compatible with the common security and risk standards and frameworks. The answer is yes — by bringing a financial discipline to otherwise technical guidelines, FAIR and RiskLens enhance their value as business-decision […]

Browse Cyber Security Standards in the leading UK and international cyber security standards bookstore

There is light at the end of the tunnel with Covid-19 and businesses will need to be ready for whatever it may bring. Perhaps not a business as usual or will it be a case of your customers may want to reduce their vendors and their services. In 2021 customers may want to do business […]

ISO Self assessment tools list includes but not limited to Privacy, ISO 27001, ISO 9001 and ISO 14001 & ISO/IEC 27701 2019 Standard and Toolkit

ISO/IEC 27701:2019 provides guidance on data protection, including how organizations should manage personal information, and helps demonstrate compliance with privacy regulations around the world, such as the GDPR. The Standard integrates with the international information security management standard ISO/IEC 27001 to extend an ISMS (information security management system), enabling an organization to establish, implement, maintain and […]

Information security, cybersecurity and privacy protection — Requirements for bodies providing audit and certification of privacy information management systems according to ISO/IEC 27701 in combination with ISO/IEC 27001 (DRAFT)  Within a year or so, organisations will be able to have their Privacy Information Management Systems certified compliant with ISO/IEC 27701, thanks to a new accreditation […]

Reduce your cyber risk with ISO 27001 Contact DISC InfoSec if you have a question regarding ISO 27001 implementation. Explore the subject of Cyber Attack Download a Security Risk Assessment Steps paper! Subscribe to DISC InfoSec blog by Email Take an awareness quiz to test your basic cybersecurity knowledge DISC InfoSec 🔒 securing the business […]

ISO 27k books reading list   Many ISO 27001 practitioners attend ISO 27001 Lead Implementer courses or buy a ISO 27001 TOOLKIT to gain practical knowledge and skills to develop an information security management system (ISMS). Some go even further by securing a budget to call in an experienced ISO 27001 consultant to guide them through the process […]

Because of the COVID-19 crisis, ISO enabled free access to ISO 22301, ISO 22395, ISO 22320, ISO 22316, and ISO 31000 standards – find the links here. Source: ISO 31000 and ISO 22301 available now for free to read ISO standards:   Subscribe to DISC InfoSec blog by Email

ISO/IEC 27701 is the international standard that serves as an extension to an ISO 27001/ ISO 27002 #ISMS (information security management system). It provides guidelines for implementing, maintaining, and continually improving a #PIMS (privacy information management system). Develop a privacy information management system as an extension to your ISO 27001-conformant ISMS with ISO/IEC 27701. Supports […]

NIST CyberSecurity Framework and ISO 27001 How to get started with the NIST Cybersecurity Framework (CSF) – Includes Preso Written Information Security Program (WISP) – ISO 27002, NIST Cybersecurity Framework & NIST 800-53 What is ISO 27001? Virtual Session: NIST Cybersecurity Framework Explained Enter your email address: Delivered by FeedBurner

The best practice guide for an effective infoSec function: iTnews has put together a bit of advice from various controls including ISO 27k and NIST CSF to guide you through what’s needed to build an effective information security management system (ISMS) within your organization. This comprehensive report is a must-have reference for executives, senior managers […]

Understanding the differences between ISO 27001 and ISO 27002  Luke Irwin  2nd April 2019 Anyone with an interest in information security will have encountered ISO 27001, the international standard that describes best practice for an ISMS (information security management system). However, you might not be as familiar with ISO 27002. It’s a supplementary standard that provides advice […]

Every day, big companies are still getting breached despite their security products. F-Secure’s Mikko Hypponen warns that companies that say ‘use our technology and you will not have a breach’ actually make it much harder for clients to think about and be ready for a breach. Source: Just Having A Security Product Doesn’t Make You […]