Governance, Risk Management, and Compliance blog

Tips to help you build your information security policy - New vs. old ISO 27002

Thursday, 05 June 2014 / by Jakob Holm Hansen

I have worked with information security for several years (despite my young age) and I have seen numerous different policies, rules, procedures, and other types of security documentation. What works best is to have a clear, well-defined breakdown between these, for example:


How to measure ISO 27001 ISMS efficiency with KPIs

Wednesday, 23 April 2014 / by Jakob Holm Hansen under ISO 27001, Information Security Standards, Information Security Management, KPI, metrics

Efficiency and productivity are discussed in many contexts. In information security management, it also makes sense to ensure processes are working effectively. But how do you measure whether your information security is effective and whether it is developing in the right direction?


Has 'Plan-Do-Check-Act' disappeared in the new ISO 27001?

Friday, 04 April 2014 / by Jakob Holm Hansen under ISO 27001:2013, ISO 27001, Information Security Management, Information risk management, overview information security management, Compliance and task management, plan-do-check-act, ISMS, ISO Standards

The Plan-Do-Check-Act (PDCA) cycle originates from quality assurance in production environments, but for some years it has also been a requirement in the ISMS standard ISO 27001 (ISMS = Information Security Management System).


New Webinar series on Information Security Management best practice

Wednesday, 13 November 2013 / by Jakob Holm Hansen

Join us when Founder and CEO Lars Neupart gives a guided tour through ISO 27001, related standards and best practices for information security management. Click below and sign up for one or more half-hour webinars:


The new ISO 27001 is out! How to develop a Statement of Applicability

Friday, 11 October 2013 / by Jakob Holm Hansen under risk analysis, gap analysis, Information risk management, Statement of Applicability, SoA, risk treatment, controls, iso iec 27001:2013

The 2013 editions of the widely used standards for information security management, ISO 27001 and ISO 27002, have been published. The new versions contain a number of improvements that should be of interest to companies that align with ISO 27001 or comply with it.


How to assess your business risks when going cloud

Sunday, 11 August 2013 / by Jakob Holm Hansen under IT Outsourcing, Information risk management, Threat assessments, Risk assessments, Cloud computing security

Cloud computing promises many benefits. Cost reductions, improved efficiency and improved security are what many companies can gain from moving into the cloud.


IT Risk Management increases your IT outsourcing success

Monday, 03 June 2013 / by Jakob Holm Hansen under ISO 27001, IT Outsourcing, Information risk management, Threat assessments, Risk assessments, Outsourcing, SecureAware, ISO 27005

IT outsourcing can be a highly positive experience.


Six questions about the ISO 27001 revision (with answers)

Tuesday, 30 April 2013 / by Jakob Holm Hansen under ISO 27001, NIST SP 800-53, Information risk management, BrightTalk, Risk management

How does the ISO 27001 revision impact your risk management?


Three ways the ISO 27001 revision will affect your company

Monday, 15 April 2013 / by Jakob Holm Hansen under ISO 27001, KPI, ISMS, ISO 27001 revision, ISO 27005, ISO 31000

It has been eight years since the ISO 27001 standard was last revised, but now changes are coming.


4 responsible shortcuts to good enough risk assessments

Wednesday, 23 May 2012 / by Jakob Holm Hansen under ISO 27001, Information Security Standards, Threat assessments, Risk assessments

Information security standards have at least two characteristics: 1) they can cure most sleep problems, and 2) some describe a relatively perfect world where those responsible for information security have plenty of time and where there are enough resources to analyse needs and document decisions. Even though I may have started this post a little sarcastically, I'm actually a big supporter of standards and "best practice"; I see no reason to reinvent good stuff. I cannot do anything about the standards being boring, but I write this post to suggest some responsible shortcuts to a good start on risk assessments and as a pragmatic approach to ISO 27001 compliance (should you want that).


GRC blog

The NorthGRC blog offers advice and knowledge of effective information security management, security strategies, risk management, compliance with information security standards and other requirements, business continuity planning, ISO2700x, EU Data Protection Regulation, PCI DSS, etc.
