ISO 27001

Cyber security affects companies of all sizes in all sectors. Moreover, threats are constantly evolving and your legal and regulatory requirements have become major issues – particularly with the introduction of the GDPR (General Data Protection Regulation) and the NIS Directive. All of this means that regular communication between management and the board regarding cyber security is more important than ever. It’s only by discussing these issues regularly and in a formal environment that you can protect your sensitive data and company interests. As you have probably seen, failure to do that could result in staggering financial penalties. So how should

The post 12 cyber security questions to ask your CISO appeared first on IT Governance UK Blog.


Documentation is a crucial part of any ISO 27001 implementation project, and one of the most important documents you need to complete is the SoA (Statement of Applicability). In this blog, we explain what an SoA is, why it’s important and how to produce one. What is a Statement of Applicability? An SoA summarises your organisation’s position on each of the 114 information security controls outlined in Annex A of ISO 27001. Clause 6.1.3 of the Standard states an SoA must: Identify which controls an organisation has selected to tackle identified risks; Explain why these have been selected; State whether

The post The importance of the Statement of Applicability in ISO 27001 – with template appeared first on IT Governance UK Blog.


As you start your ISO 27001 implementation project, you probably want to know as much as possible. Some people attend training courses to pick up knowledge of ISO 27001, and others go one step further, hiring an ISO 27001 consultant to guide them through the process. Those are both excellent options for those with the time and budget, but what if you’re looking for a less expensive approach? In those cases, you should never underestimate the influence of a book. Indeed, most information security professionals begin their journeys by picking up a book or two on ISO 27001, because

The post 3 must-read books on ISO 27001 appeared first on IT Governance UK Blog.


Organisations that implement ISO 27001 must write a secure development policy. The requirements for doing this are outlined in Annex A.14 of the Standard: System acquisition, development and maintenance. In this blog, we explain how you can use ISO 27001’s guidelines to create your policy, and take a look at some of the controls you should implement. What is a secure development policy? A secure development policy is a set of rules that help organisations mitigate the risk of security vulnerabilities in development environments – i.e. the workspaces where organisations make changes to software and web applications without affecting the

The post How to create an ISO 27001 secure development policy – with template appeared first on IT Governance UK Blog.


Protecting your organisation against cyber attacks can sometimes feel like a never-ending game of security whack-a-mole. As soon as you’ve secured one weakness, another one appears. This can demoralise any organisation and make it believe that good information security practices are impossible. However, there is a solution – but it requires a different way of thinking. Organisations must stop looking at each individual threat as it arises and instead build defences that are equipped to handle whatever cyber criminals throw at them. Doing that is simpler than it sounds. That’s because, as much as cyber criminals’ tactics evolve, they tend

The post 5 ways to improve your information security in 2021 appeared first on IT Governance UK Blog.


We’re not going to lie: implementing an ISO 27001-compliant ISMS (information security management system) can be a challenge. But as the saying goes, nothing worth having comes easy, and ISO 27001 is definitely worth having. If you’re just getting started with ISO 27001, we’ve compiled this 9-step implementation checklist to help you along the way. Step 1: Assemble an implementation team. Your first task is to appoint a project leader to oversee the implementation of the ISMS. They should have a well-rounded knowledge of information security as well as the authority to lead a team and give orders to

The post ISO 27001 checklist: a step-by-step guide to implementation appeared first on IT Governance UK Blog.


Information security policies are essential for tackling organisations’ biggest weakness: their employees. Everything an organisation does to stay secure, from implementing technological defences to physical barriers, is reliant on people using them properly. It only takes one employee opening a phishing email or letting a crook into the premises for you to suffer a data breach. Information security policies are designed to mitigate that risk by helping staff understand their data protection obligations in various scenarios. Organisations can have as many policies as they like, covering anything that’s relevant to their business processes. But to help you get started, here are five policies

The post 5 information security policies your organisation must have appeared first on IT Governance UK Blog.
