DISC InfoSec blog

ISO/IEC 27701:2019 provides guidance on data protection, including how organizations should manage personal information, and helps demonstrate compliance with privacy regulations around the world, such as the GDPR. The Standard integrates with the international information security management standard ISO/IEC 27001 to extend an ISMS (information security management system), enabling an organization to establish, implement, maintain and […]

Information security, cybersecurity and privacy protection — Requirements for bodies providing audit and certification of privacy information management systems according to ISO/IEC 27701 in combination with ISO/IEC 27001 (DRAFT)  Within a year or so, organisations will be able to have their Privacy Information Management Systems certified compliant with ISO/IEC 27701, thanks to a new accreditation […]

Reduce your cyber risk with ISO 27001 Contact DISC InfoSec if you have a question regarding ISO 27001 implementation. Explore the subject of Cyber Attack Download a Security Risk Assessment Steps paper! Subscribe to DISC InfoSec blog by Email Take an awareness quiz to test your basic cybersecurity knowledge DISC InfoSec 🔒 securing the business […]

ISO 27k books reading list   Many ISO 27001 practitioners attend ISO 27001 Lead Implementer courses or buy a ISO 27001 TOOLKIT to gain practical knowledge and skills to develop an information security management system (ISMS). Some go even further by securing a budget to call in an experienced ISO 27001 consultant to guide them through the process […]

Because of the COVID-19 crisis, ISO enabled free access to ISO 22301, ISO 22395, ISO 22320, ISO 22316, and ISO 31000 standards – find the links here. Source: ISO 31000 and ISO 22301 available now for free to read ISO standards:   Subscribe to DISC InfoSec blog by Email

ISO/IEC 27701 is the international standard that serves as an extension to an ISO 27001/ ISO 27002 #ISMS (information security management system). It provides guidelines for implementing, maintaining, and continually improving a #PIMS (privacy information management system). Develop a privacy information management system as an extension to your ISO 27001-conformant ISMS with ISO/IEC 27701. Supports […]

NIST CyberSecurity Framework and ISO 27001 How to get started with the NIST Cybersecurity Framework (CSF) – Includes Preso Written Information Security Program (WISP) – ISO 27002, NIST Cybersecurity Framework & NIST 800-53 What is ISO 27001? Virtual Session: NIST Cybersecurity Framework Explained Enter your email address: Delivered by FeedBurner

The best practice guide for an effective infoSec function: iTnews has put together a bit of advice from various controls including ISO 27k and NIST CSF to guide you through what’s needed to build an effective information security management system (ISMS) within your organization. This comprehensive report is a must-have reference for executives, senior managers […]

Understanding the differences between ISO 27001 and ISO 27002  Luke Irwin  2nd April 2019 Anyone with an interest in information security will have encountered ISO 27001, the international standard that describes best practice for an ISMS (information security management system). However, you might not be as familiar with ISO 27002. It’s a supplementary standard that provides advice […]

Every day, big companies are still getting breached despite their security products. F-Secure’s Mikko Hypponen warns that companies that say ‘use our technology and you will not have a breach’ actually make it much harder for clients to think about and be ready for a breach. Source: Just Having A Security Product Doesn’t Make You […]

IT Governance Ltd, the world’s one-stop shop for ISO27001 information, books, toolkits, training and consultancy for ISO27001 Information Security Management, has now sold 1,034 copies of its ISO27001 ISMS Documentation Toolkit. “We estimate that between 5% and 10% of all ISO27001-certified organisations worldwide have drawn on the comprehensive, best practice templates contained in our ISO27001 […]

ISO27002: 2013 compliant! This tool has a very specific, high-level purpose in any ISMS project, which is to quickly and clearly identify the controls and control areas in which an organization does not conform to the requirements of the standard. Use this self-assessment tool to quickly and clearly identify the extent to which your organization […]

Combine with the ISO 9001:2015 QMS Documentation Toolkit and/or the ISO 14001:2015 EMS Documentation Toolkit to create an ISO 27001- compliant integrated management system (IMS). ISO 27001 ISMS Documentation Toolkit Bolt-on DISC InfoSec 🔒 securing the business 🔒 Cyber Security Awareness ↑ Grab this Headline Animator

    Download ISO27000 family of information security standards today! • ISO27001 2013 ISMS Requirement (Download now) • ISO27002 2013 Code of Practice for ISM (Download now) ISO27003 – Implementation Guidance ISO27004 – Information Security Metrics ISO27005 – Information Security Risk Management ISO27006 – ISMS Certification Guide  ISO 27001 Do It Yourself Package (Download)   ISO 27001 Training Courses –  Browse the ISO 27001 […]

Achieving and maintaining accredited certification to ISO 27001 can be complicated, especially for those who are new to the Standard. Aligned with the latest iteration of ISO 27001:2013, the North American edition of Nine Steps to Success – An ISO 27001 Implementation Overview is ideal for anyone tackling ISO 27001 for the first time. In nine critical […]

A comprehensive information security management system (as defined by the requirements contained in ISO 27001) details the steps required for the effective management of information security (and cyber security) risks. An ISO 27001 gap analysis is a sensible starting point for assessing the gaps in your information security regime. Even if you aren’t considering certification to ISO 27001, an in-person gap […]

By Julia Dutton Organizations have until 25 May 2018 to comply with the EU General Data Protection Regulation (GDPR). Those who have studied the Regulation will be aware that there are many references to certification schemes, seals and marks. The GDPR encourages the use of certification schemes like ISO 27001 to serve the purpose of demonstrating that the organisation is actively […]

Conducting an asset-based risk assessment in ISO 27001:2013 – Vigilant Software The nature of ISO27001 is that it is heavily focused on risk-based planning. This is to ensure that the identified information risks are appropriately managed according to the threats and the nature of the threats. While asset-based risk assessments are still widely regarded as best practice, […]

  A specialist, in-person review of your current information security posture against the requirements of ISO/IEC 27001:2013. Get the true picture of your ISO 27001 compliance gap, and receive expert advice on how to scope your project and establish your project resource requirements. What to expect: An ISO 27001 specialist will interview key stakeholders  and […]

The textbook for the Open University’s postgraduate information security course. The recommended textbook for all IBITGQ ISO 27001 courses. Available in softcover or eBook format. Description Fully updated expert information security management and governance guidance based on the international standard for information security management, ISO 27001. As global threats to information security increase in frequency […]