DISC InfoSec blog

Whether you’re a small organisation with limited resources or an international firm, achieving ISO 27001 certification will be a challenge. Anyone who has already been through the process will know that. You must assemble a team, conduct a gap analysis and risk assessment, apply security controls, create documentation and perform staff awareness training. And that’s before you […]

DISC InfoSec #InfoSecTools and #InfoSectraining #InfoSecLatestTitles #InfoSecServices Ask DISC an InfoSec & compliance related question

ISO 27001 Handbook If you want to understand ISO 27001, this handbook is all you need. It not only explains in a clear way what to do, but also the reasons why. This book helps you to bring the information security of your organization to the right level by using the ISO/IEC 27001 standard. An […]

Anyone with an interest in information security will have encountered ISO 27001, the international standard that describes best practice for an ISMS (information security management system). However, you might not be as familiar with ISO 27002. It’s a supplementary standard that provides advice on how to implement the security controls listed in Annex A of ISO 27001. Although ISO […]

With the number of ISO 27001 certifications rising fast in the US, organizations will be looking to implement an ISO 27001-compliant information security management system (ISMS) quickly, before any of their competitors. However, the hardest part of achieving ISO 27001 certification is providing the documentation for the ISMS. Often – particularly in more complex and […]

International law firms see ISO 27001 certification as competitive differentiator by Melanie Watson ISO 27001 has long been regarded as the information security standard to protect a company’s sensitive information, but more recently law firms have been viewing it as a key competitive differentiator in their field. Key selling point Shook, Hardy & Bacon achieved […]

ISO 27001 2013 high level review for making the transition from ISO 27001 2005 The Case for ISO 27001 (2013) Second Edition (Download the latest book in Adobe) It’s been several months now that highly anticipated release of the latest information security standard ISO 27001 2013 for the organization who have vested interest due to […]

Three years ago, California state IT council adopted the information security program guide which help organizations to comply with SB 1386. The council advised the use of information security standard ISO 27002 framework to comply and meet the needs of SB 1386. This legislation deals with the security of personal information and is applicable to […]

Information Security Risk Management for ISO27001 / ISO27002 The State of California has adopted ISO/IEC 27002 as its standard for information security and recommends other organizations and vendors to use this standard as guidance in their efforts to comply with California law. To achieve an ongoing compliance, major organizations require tools to comply with standard […]