Introduction: The protection of organizational records is an essential aspect of information security. A.18.1.3 of the ISO 27001 standard outlines the requirements for the protection of records. The standard calls for a policy on records management that covers control requirements such as classification, categorization, record types, retention periods, allowable storage […]
Information Security Management Systems
Introduction: Intellectual property rights are a vital aspect of any organization, especially in the digital age where copyrighted materials and patented software are widely used. The A.18.1.2 control objective of ISO/IEC 27001:2013 highlights the importance of implementing policies and procedures to ensure compliance with intellectual property rights. This article will […]
Introduction: Compliance is an essential aspect of information security management, ensuring that organizations meet legal, regulatory, and contractual requirements. Control A.18.1.1, Identification of Applicable Legislation and Contractual Requirements, emphasizes the importance of having a policy and a compliance register to maintain compliance with various regulations. The standard also focuses on […]
Introduction: Availability of information processing facilities is a critical aspect of information security management. It is imperative that organizations maintain the availability of their ICT services to avoid any disruptions to their business operations. The availability requirements for ICT services must be identified, and suitable arrangements must be put in […]
Introduction: Business continuity is a crucial aspect of information security management. It ensures that an organization can maintain critical business functions and recover from disruptions in case of unforeseen events such as natural disasters, cyber-attacks, or any other incidents that can disrupt normal business operations. ISO 27001 A.17.1.3 provides guidelines […]
Introduction: Business continuity planning (BCP) is a crucial aspect of information security management. It helps organizations to identify and prepare for potential threats to their business operations and ensure they can maintain or restore their services within defined timeframes. ISO/IEC 27001’s Annex A.17.1.2 provides guidelines for implementing information security continuity […]
Introduction: In today’s dynamic business environment, the need for business continuity planning is more critical than ever before. Organizations must prepare for potential disruptions to their operations caused by unforeseen incidents, such as natural disasters, cyber attacks, and other events that could impact their ability to function. The ISO/IEC 27001 […]
Introduction: Digital evidence is crucial in any incident response process, particularly in cases of cybercrime. It can be used to identify and prosecute criminals, as well as improve an organization’s overall security posture. Therefore, A.16.1.7 of ISO 27001 requires organizations to have defined processes for collecting digital forensic evidence. In […]
Introduction: Organizations face the risk of information security incidents, which can cause harm to the organization, including financial loss, reputation damage, and legal consequences. To minimize the impact of such incidents, organizations need to have an incident management process in place. The A.16.1.6 control objective of the ISO/IEC 27001 standard […]
Introduction: Information security incidents are becoming increasingly common, and organisations need to be prepared to respond promptly and efficiently to such incidents. ISO 27001, a standard for information security management, includes a set of controls under the section A.16 that deals with incident management. A.16.1.5 focuses on the response to […]