Implementing an ISMS There are numerous ways of approaching the implementation of an ISMS.  The most common method to follow is a ‘Plan Do Check Act’ process. ISO 27001 is the international security standard that details the requirements of an ISMS. ISO 27001, along with the best-practice guidelines contained in ISO 27002, serve as two excellent guides […]

by Neil Ford The New York Stock Exchange (NYSE) has released a 355-page guide to cybersecurity (Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers), written by more than 80 individual contributors representing organizations including Booz Allen Hamilton, Dell SecureWorks, Georgia Institute of Technology, the Internet Security Alliance, Rackspace Inc., the US Department […]

Take a plunge into the world of ISO 27001 with these recommended reads by Desislava Aleksandrova As a professional embarking on your first journey implementing ISO 27001, you are probably hungry for knowledge and eager to make progress. While starting a new project may be exciting, it can also be daunting if you lack relevant […]

ISO 27001 Do It Yourself Package This is the do-it-yourself solution for ISO27001 implementation Cyber crime is increasing exponentially, and this trend will continue as more business activities move online and more consumers connect to the Internet. ISO/IEC 27001 is the only international information security management Standard that can help your organization protect its critical […]

To transition from ISO27001:2005 to ISO27001:2013 you may need a Gap Assessment Tool to prioritize your implementation plan. ISO27001 2013 ISMS Gap Analysis Tool, which quickly and clearly identify the controls and control areas in which an organization does not conform to the requirements of the standard. Available for immediate dispatch/download from IT Governance, this […]

The perfect introduction to the principles of information security management and ISO27001:2013 Most organizations implementing an information security management regime opt for systems based on the international standard, ISO/IEC 27001. This approach ensures that the systems they put in place are effective, reliable and auditable. Up to date with the latest version of the Standard […]

Is privacy a dependency of information security? by Jamie Titchener If you read the news on a regular basis, you will find that most of the cyber security or data protection articles play heavily on the fear of an individual’s privacy being compromised. But what many people don’t seem to realize is that privacy is in fact a dependency […]

by Ilenia Vidili In South Africa the Protection of Personal information Act (POPI) aims to regulate how companies secure the integrity and confidentiality of their data assets by taking technical and organisational measures to prevent the loss of, and damage and unauthorised access to, personal information. POPI was signed into law on 26th November 2013 […]

Personal Banking Apps study has been out,  a security researcher spent about 40 hours testing iPhone and iPad banking applications from the top 60 most influential banks in the world and his findings were totally shocking. 40 of those 60 applications were found to have major mobile security vulnerabilities, which is not something you’d expect […]

With 2013 coming to a close, ITG is reflecting on what a year it’s been for the IT governance, risk management and compliance (IT-GRC) industry. In 2013  we’ve seen the highly-awaited release of ISO 27001:2013, the requirements for PCI DSS v3.0 and the Adobe breach which affected at least 38 million users. Throughout it all, IT Governance […]

ISO 27001 2013 high level review for making the transition from ISO 27001 2005 The Case for ISO 27001 (2013) Second Edition (Download the latest book in Adobe) It’s been several months now that highly anticipated release of the latest information security standard ISO 27001 2013 for the organization who have vested interest due to […]

ISO27001:2013  ISO27001: 2013 – order your copy today >>> When can we become certified to ISO/IEC 27001:2013? by Lewis Morgan @ ITG At this moment in time, we can only provide an estimate which is based on the insight provided by Chair of the UK ISO/IEC 27001 User Group and Director of consultancy at IT Governance […]

vsRisk – The Cyber Security Risk Assessment Tool It is extremely difficult to carry out a risk assessment that will meet the requirements of ISO27001 without using a specialist information security risk assessment tool. While there are a wide range of products on the market that claim to meet these requirements, the reality is that […]

IT Governance 5: An International Guide to Data Security and ISO27001/ISO27002 This manual provides clear, unique guidance for both technical and non-technical managers. It details how to design, implement and deliver an ISMS that complies with ISO 27001. Now in its fifth edition, this title has been fully updated to take account of the latest […]

Cyber security is the protection of systems, networks and data in cyber space. If your system is connected on the internet, you should know and uderstand the risks of cyber space to take appropriate countermeasures. To understand the risks of cyber security,The first place is to begin with is a risk assessment. By completing a […]

Penetration testing (often called “pen testing” or “security testing”) establishes whether or not the security in place to protect a network or application against external threats is adequate and functioning correctly. It is an essential component of most ISO27001 and UK public sector contracts. Why would my company need penetration testing services? In a world […]

Why ISO 27001 certification is unavoidable Now a days, the ISO27001 standard has become an almost unavoidable factor in the field of information security. Compliance is unavoidable because most industries are heavily regulated. Seems like more legislations are on our way to redefine our actions on the internet. Because ISO 27001 requirements are largely a […]

Industry Update New Draft ISO27001 and ISO27002 Standards It has been announced that new Drafts of the two international information security standards ISO27001 (ISMS Requirements) and ISO27002 (Code of Practice) have been published. These Drafts have been published for the purpose of public consultation. As these are international standards, the consultation process operates internationally, via […]

First to start with a definition of risk – Risk is a function of the probability that an identified threat will occur and then impact the mission or business objectives of an organization. The kind of risks we deal with information assets are mostly those risks from which only loss can occur, which may be […]

The project planning process includes steps to estimate the size of the project, estimate the scope of the effort and resources, assess project risks, and produce an acceptable schedule after negotiating with control owner. Steps below provide a bullet list of project plan outline phases and action items of ISMS (ISO 27001). This is not […]