
Blog

Navigating Legal, IP and PII Requirements in ISO 27001 Controls A.5.31 - A.5.34

In this post, we cover the regulatory, legal and other requirements that are relevant to businesses, including how to manage them to protect yourself from potential litigation or other legal disputes. We also cover the controls around privacy, including intellectual property, personally identifiable information (PII) and how records are protected, in controls A.5.31 to A.5.34.
Blog

Strengthening User Device Security with Control A.8.01

This post is the start of the journey through Section A.8 - Technological controls of Annex A of the ISO 27001:2022 standard. The controls in A.8 cover all technology-based controls within your ISMS, including user access and authentication, antivirus, network security, software, and logging and monitoring, among others. We begin with what is one of the largest risks and broadest categories…. Use...
Blog

Information security for SMEs

Industry 4.0, digitalization, and artificial intelligence: it's hard to imagine everyday working life without digital data flows. No matter how small or large your company is, which industry it belongs to, or whether it operates internationally or not, the topic of information security concerns everyone. Small and medium-sized enterprises (SMEs), in particular, should therefore see the revision o...
Blog

ISO 27001 Clause 5: A Focus on Leadership, Commitment, Responsibility and Information Security Policy

Welcome to our latest blog post dedicated to navigating the complexities of implementing an ISMS. This post will focus on the leadership and commitment necessary for the successful establishment, implementation, maintenance, and continual improvement of an ISMS. From fostering leadership buy-in to establishing clear roles and responsibilities, join us as we explore the critical steps required to ...
Blog

Revision of ISO 27002 - These are the changes

#27002: A refreshing revision of the standard with a streamlined structure, new content and contemporary indexing. In the first quarter of 2022, the update of ISO/IEC 27002 was released as a harbinger of the revision of ISO/IEC 27001 expected in the fourth quarter of 2022. Read here what has changed with the new ISO 27002:2022 - and what this means in terms of the revision of ISO 27001:2022...
Blog

The new ISO/IEC 27001:2022 - key changes

Value-added business processes are driven by information and data. Without information exchange, nothing works in our digital economy. Our basic services are based on critical infrastructures whose functionality is highly dependent on the exchange of information and data. Information security extends far into the reality of our work and lives. Protecting information-driven daily operations, criti...
Blog

If you don’t have it, malicious actors can’t get it. Deleting, masking and preventing data leakage with controls A.8.10 and A.8.11 of ISO 27001:2022.

This is a reasonably long post covering how you handle and store data. We include data masking and leakage prevention to help you protect the important data within your system. But first, we start with information deletion: working out how and when to remove data from your system. As the saying goes, if you don’t have it, it can’t be stolen.
Blog

Locking Down Your Security: Best Practices for Physical ISMS Protection in Controls A.7.1 - A.7.5 of ISO 27001

In this blog post, we move on from People Controls, and into those “Physical Controls” which aim to protect the physical premises where your data is stored and used. This includes your office, as well as any data centres that you may use. With the increased use of cloud services for data storage and processing, you may wish to assess the risks associated with your offices based on the data stored...
Blog

Standards for information security - an overview

In times when data and information are traded like commodities, protecting them is essential. One way to do this is to implement information security management based on the ISO/IEC 2700x series of information security standards. This is an international family of standards for IT security and information security in private, public or non-profit organizations. Based on ISO 27001, an information ...
Blog

Information security incidents: Employees as a success factor

IT security incidents and information security incidents are omnipresent in media reports today. But how do cybercriminals actually obtain the information they need to compromise IT systems? And how do they manage to send fake emails to as many employees of a company as possible? In this blog post, DQS explores how phishing attacks typically work today, why security awareness is so important, and...