Performing a risk assessment is a central part of the ISO 27001 process directed to implementing an ISMS (Information Security Management System). How could you protect any sort of environment without being fully aware of impending threats, the exposition level, and variables such as the likelihood of occurrence and estimated level of impact? Understanding all Read more…
From an information security management point of view, complying with the required laws, regulations and contractual obligations can be as much of a challenge as dealing with the ever-evolving threat landscape and new forms of attacks. What many organizations fail to understand is that both are equally important. Mandatory requirements can come in the form Read more…
If there is one thing the last couple years have made clear, it is the lack of respect towards personal data privacy. From companies with inadequate security controls leading to improper management of sensitive information to businesses making a profit by selling clients’ information and even government agencies that like to play big brother. At Read more…
The adoption of a corporate-wide compliance program is one of the most demanding projects you may undertake. Furthermore making the most of time-consuming tasks such as controls implementation, requires not only the experience and knowledge but also a holistic approach at the design level. Every organization is different. Standards were created keeping in mind that Read more…
In our ever changing technological and corporate environment, it is only natural for standards and best practices to receive regular updates that try to both accommodate corrections and improvements. That is what just recently happened to the American Institute of Certified Public Accountants criteria for the Trust Services Principles (TSP) by releasing a SOC 2 Content Read more…
As old the saying goes no good deed goes unpunished, and some may feel that goes with the aftermath of a successful ISO 27001 certification project. With your organization now certified, you might feel you could breathe a sigh of relief and take a long well-deserved vacation. Your ongoing effort to maintain your ISMS during Read more…
Risk management is an essential discipline for any organization. It does not matter what your business does, where it is located, what technology is used or how many people you are managing: Each and every organization is exposed to risks. How well you understand and handle your risk context can have direct implications on your Read more…
Governance, Risk, and Compliance (GRC) is increasingly becoming a more integral part of most businesses, especially with mandates of risk analysis and information security integration within all aspects of business processes. Most organizations have regulatory, contractual or legal requirements obligations, and complying with these may seem like a daunting task to manage, and it can Read more…
Your organization has decided to go for ISO 27001 certification, and your development team is not exactly fond of the idea. As the project kick-off date is getting closer and closer, you have overheard water cooler conversations that there is talk of open resistance by veteran employees that would rather migrate to a new company Read more…
Updated May 1, 2021 ISO 27001 and SOC 2 share a similar goal of improving the way your organization manages information security. Deciding between these two internationally recognized standards can be done by asking a fundamental question about your company. Which Compliance Standard Will Deliver More Value to Your Business? ISO 27001 and SOC 2 Read more…
StandardFusion Fit Analyzer