Good Enough IT Risk Management

How to measure ISO 27001 ISMS efficiency with KPIs

[fa icon="calendar'] Wednesday, 23 April 2014 / by Lars Neupart under ISO 27001, Information Security Standards, Information Security Management, KPI, metrics

[fa icon="comment"] 1 comments

Efficiency and productivity are discussed in many contexts. In information security management, it also makes sense to ensure processes are working effectively. But how do you actually measure whether your information security is effective and whether it is developing in the right direction?

More [fa icon="long-arrow-right"]

How does the ISO 27001:2013 affect your risk management process?

[fa icon="calendar'] Monday, 29 July 2013 / by Charlotte Colding under ISO 27001, Information Security Standards, Information risk management, ISMS, Risk management, SecureAware, ISO 27001 revision, ISO 27005

[fa icon="comment"] 0 comments

ISO / IEC 27001 was introduced in 2005 and has become a very popular international standard. Now ISO 27001 is being revised and a new version is due later in 2013. I’ve looked at the changes before and outlined the main differences between the old and the new version.

More [fa icon="long-arrow-right"]

4 responsible shortcuts to good enough risk assessments

[fa icon="calendar'] Wednesday, 23 May 2012 / by Lars Neupart under ISO 27001, Information Security Standards, Threat assessments, Risk assessments

[fa icon="comment"] 0 comments

Information security standards have at least two characteristics: 1) they can cure most sleep problems and 2) some describe a relatively perfect world where those responsible for information security have plenty of time and where there are enough resources to analyse needs and document decisions. Even though I may have started this post a little sarcastic, I'm actually a big supporter of standards and "best practice"; I see no reason to reinvent good stuff. I cannot do anything about the standards being boring, but I write this post to suggest some responsible shortcuts to a good start on risk assessments and as a pragmatic approach to ISO 27001 compliance (should you want that).

More [fa icon="long-arrow-right"]

Good enough IT risk management

The Neupart blog offers advice and knowledge of effective information security management, security strategies, risk management, compliance with information security standards and other requirements, business continuity planning, ISO2700x, EU Data Protection Regulation, PCI DSS, etc.

Popular Posts