Blog Posts Tagged with "ISO Standards"


Ensuring Continuity of Services During Change Incidents

January 25, 2013 Added by: Bozidar Spirovski

Services are most vulnerable during change. Continuity of service needs to be ensured during change, and large portions of several ISO and BSI standards are focused on proper management of change. However well controlled, an incident can occur during the change, thus causing failure of service...



ISMS Certification Does Not Equal Regulatory Compliance

December 27, 2012 Added by: Rebecca Herold

“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”



The Great Compliance Conundrum

May 10, 2012 Added by: Mark Gardner

The crux of the matter is why people bemoan compliance: complying in this case requires no external verification, so in order to meet compliance you may skip some controls because they are too hard to do, or not go deep enough, and still be able to turn around and say that "we are compliant"...



Information Security Relief is Spelled ISO-27001

February 15, 2012 Added by: John Verry

No matter the industry or service offering, organizations processing data on behalf of clients are experiencing the pain of proving they are secure and compliant with client standards and with the myriad of regulations to which their clients are obligated. ISO-27001 spells relief...



The What and Why of Compliance

January 19, 2012 Added by: Fergal Glynn

What is a compliance framework? It’s an architected system of policies, controls and objectives designed to keep your business out of trouble and operating securely. It should measure risk and effectiveness, and keep constituents aware and up to date, since risk changes...



ISO 27002 – What Will the Next Revision Bring?

November 27, 2011 Added by: Dejan Kosutic

The most important link between ISO 27001 and ISO 27002 – the identical structure of ISO 27001 Annex A and the ISO 27002 controls – will most likely still be included in the new revisions of both standards. However, the way it is structured and the individual controls will most probably change...



Auditing: Remote Access Security in 2011

August 15, 2011 Added by: Enno Rey

When the standards were written, endpoints were assumed to be mostly company-managed Windows systems. In the meantime, most organizations face an unmanaged mess composed of a growing number of smartphones and tablets, some company-managed, while others are predominantly free-floating...



ISO and IEC Publish Biometric Authentication Standard

August 15, 2011 Added by: Headlines

Unlike other authentication systems, a breach of biometric data is difficult to remedy. Users cannot simply change the authenticating data used to access secure networks, as one would with usernames and passwords; the data is permanently and uniquely tied to the individual user...



First Annual (Possibly Semi-Annual) OSSTMM Forum

March 02, 2011 Added by: Rod MacPherson

OSSTMM is very high level, and the thing that everyone seems to be in agreement on is the need for applied OSSTMM documents outlining how it can be applied to different realms, such as web applications, computer networks, system hardening, etc...



ISO 22301 to Replace BS 25999-2

March 01, 2011 Added by: Dejan Kosutic

The management part of BS 25999-2 will also be transferred to the new standard - document control, internal audit, management review, corrective and preventive actions, human resources management, etc. These elements exist in all other management standards - ISO 9001, ISO 14001, ISO 27001...
