Categories: For Infosec professionals

Difference – ISO 27001:2005 and ISO 27001:2013 – Part 2 – Context

This is the second part to the series about the differences between ISO 27001:2005 and ISO 27001:2013. This post talks about the information security ‘context’ and how to establish it for an organisation.

Categories: For Infosec professionals

ISO 27001-2013. What’s Different – Part 1

When ISO 27001:2013 was released, I did a quick write-up about it here. Now that I have had some time to spend with the standard (and get to know it better!), I am writing a more detailed comparison. It will follow the same format as the comparison I did for BS25999 vs. ISO 22301. […]

Categories: Cybersecurity Humour, For Infosec professionals

The case of the missing PDCA cycle

“My dear Watson!” exclaimed Holmes. “You are no doubt wondering about how they work in Japan.” I looked up in surprise. I was indeed pondering about the work culture in Japan. “Have you started performing black magic, then, Holmes? There can be no other explanation to this,” I spake with wide eyes. “How can you […]

Categories: For Infosec professionals

The new ISO 27001

So, the new ISO 27001 is here. After 8 years, the entire ISMS approach has been revamped. The newer version of ISO 27001, a.k.a. ISO 27001:2013, is a much slimmer document. There is no introduction to the process approach and, surprise surprise, no diagram of Deming’s cycle. No beating around the bush for […]