Management Systems

Introduction: A.18.1.5, Regulation of Cryptographic Controls, is a crucial aspect of information security management.  It requires that an organization’s use of cryptography is compliant with all relevant laws, agreements, and regulations.  Cryptography is the process of using codes or ciphers to protect information from unauthorized access or modification, and it […]

Introduction: Information privacy is a critical aspect of any organization’s operations.  The mishandling of personally identifiable information (PII) can lead to serious reputational and legal consequences for businesses.  A.18.1.4 of the ISO 27001 standard provides guidelines for ensuring the privacy and protection of PII. In this article, we will discuss […]

Introduction: The protection of organizational records is an essential aspect of information security.  A.18.1.3 of the ISO 27001 standard outlines the requirements for the protection of records.  The standard calls for a policy on records management that covers control requirements such as classification, categorization, record types, retention periods, allowable storage […]

Introduction: Intellectual property rights are a vital aspect of any organization, especially in the digital age where copyrighted materials and patented software are widely used.  The A.18.1.2 control objective of ISO/IEC 27001:2013 highlights the importance of implementing policies and procedures to ensure compliance with intellectual property rights.  This article will […]

Introduction: Compliance is an essential aspect of information security management, ensuring that organizations meet legal, regulatory, and contractual requirements.  The standard A.18.1.1 Identification of Applicable Legislation and Contractual Requirements emphasizes the importance of having a policy and compliance register to maintain compliance with various regulations.  The standard also focuses on […]

Introduction: Availability of information processing facilities is a critical aspect of information security management.  It is imperative that organizations maintain the availability of their ICT services to avoid any disruptions to their business operations.  The availability requirements for ICT services must be identified, and suitable arrangements must be put in […]

Introduction: Business continuity is a crucial aspect of information security management.  It ensures that an organization can maintain critical business functions and recover from disruptions in case of unforeseen events such as natural disasters, cyber-attacks, or any other incidents that can disrupt normal business operations.  ISO 27001 A.17.1.3 provides guidelines […]

Introduction: Business continuity planning (BCP) is a crucial aspect of information security management.  It helps organizations to identify and prepare for potential threats to their business operations and ensure they can maintain or restore their services within defined timeframes.  ISO/IEC 27001’s Annex A.17.1.2 provides guidelines for implementing information security continuity […]

Introduction: In today’s dynamic business environment, the need for business continuity planning is more critical than ever before.  Organizations must prepare for potential disruptions to their operations caused by unforeseen incidents, such as natural disasters, cyber attacks, and other events that could impact their ability to function.  The ISO/IEC 27001 […]

Introduction: Digital evidence is crucial in any incident response process, particularly in cases of cybercrime.  It can be used to identify and prosecute criminals, as well as improve an organization’s overall security posture.  Therefore, A.16.1.7 of ISO 27001 requires organizations to have defined processes for collecting digital forensic evidence.  In […]