Toggle SlidingBar Area

Dejan Kosutic

/Dejan Kosutic

About Dejan Kosutic

This author has not yet filled in any details.
So far Dejan Kosutic has created 24 blog entries.

Should information security focus on asset protection, compliance, or corporate governance?

Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all, this is what the first (2005) revision of ISO 27001, and its predecessor BS 7799-2, also emphasized. These standards required companies to identify all the assets, and then build the ...

The post Should information security focus on asset protection, compliance, or corporate governance? appeared first on 27001Academy.

By | März 13th, 2017|BSI, ISMS, ISMS (BSI, ISO 27001), ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für Should information security focus on asset protection, compliance, or corporate governance?
Read More

Aligning information security with the strategic direction of a company according to ISO 27001

There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term “survival” of an Information Security Management System (ISMS) in a company: this is the requirement from clause 5.1 that says that top management needs to ensure that the information security ...

The post Aligning information security with the strategic direction of a company according to ISO 27001 appeared first on 27001Academy.

By | Februar 20th, 2017|BSI, ISMS, ISMS (BSI, ISO 27001), ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für Aligning information security with the strategic direction of a company according to ISO 27001
Read More

Where does information security fit into a company?

Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual ...

The post Where does information security fit into a company? appeared first on 27001Academy.

By | Oktober 24th, 2016|Blog, BSI, Business continuity, CISO, cybersecurity, Information security, ISMS, ISMS (BSI, ISO 27001), ISO27001, Notfallmanagement, organization, Penetrationstest, Penetrationstests, Risikomanagement, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für Where does information security fit into a company?
Read More

Where does information security fit into a company?

Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual ...

The post Where does information security fit into a company? appeared first on 27001Academy.

By | Oktober 24th, 2016|BSI, ISMS, ISMS (BSI, ISO 27001), ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für Where does information security fit into a company?
Read More

Where does information security fit into a company?

Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual ...

The post Where does information security fit into a company? appeared first on 27001Academy.

By | Oktober 24th, 2016|Blog, BSI, Business continuity, CISO, cybersecurity, Information security, ISMS, ISMS (BSI, ISO 27001), ISO27001, Notfallmanagement, organization, Penetrationstest, Penetrationstests, Risikomanagement, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für Where does information security fit into a company?
Read More

4 crucial techniques for convincing your top management about ISO 27001 implementation

Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to work very hard to convince them. Essentially, you need to have two elements to be successful in that process: (1) prepare a list of business benefits that are really applicable ...

The post 4 crucial techniques for convincing your top management about ISO 27001 implementation appeared first on 27001Academy.

By | September 12th, 2016|Blog, BSI, ISMS, ISMS (BSI, ISO 27001), ISO 27001 benefits, ISO 27001 implementation, ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, top management, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für 4 crucial techniques for convincing your top management about ISO 27001 implementation
Read More

4 crucial techniques for convincing your top management about ISO 27001 implementation

Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to work very hard to convince them. Essentially, you need to have two elements to be successful in that process: (1) prepare a list of business benefits that are really applicable ...

The post 4 crucial techniques for convincing your top management about ISO 27001 implementation appeared first on 27001Academy.

By | September 12th, 2016|Blog, BSI, ISMS, ISMS (BSI, ISO 27001), ISO 27001 benefits, ISO 27001 implementation, ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, top management, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für 4 crucial techniques for convincing your top management about ISO 27001 implementation
Read More

How to prepare for an ISO 27001 internal audit

Many people simply rush in to prepare a checklist and perform the ISO 27001 internal audit – the sooner this “needless” job is done, the better. But, such a rush will only create problems, and make the internal audit longer than necessary. So, let’s see what you have to prepare to ...

The post How to prepare for an ISO 27001 internal audit appeared first on 27001Academy.

By | Juli 11th, 2016|Blog, BSI, Documentation, Internal Audit, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO 9001, ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für How to prepare for an ISO 27001 internal audit
Read More

How to prepare for an ISO 27001 internal audit

Many people simply rush in to prepare a checklist and perform the ISO 27001 internal audit – the sooner this “needless” job is done, the better. But, such a rush will only create problems, and make the internal audit longer than necessary. So, let’s see what you have to prepare to ...

The post How to prepare for an ISO 27001 internal audit appeared first on 27001Academy.

By | Juli 11th, 2016|Blog, BSI, Documentation, Internal Audit, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO 9001, ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für How to prepare for an ISO 27001 internal audit
Read More

How to document roles and responsibilities according to ISO 27001

Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me wrong: assigning and communicating roles and responsibilities is important, because that is how all employees in ...

The post How to document roles and responsibilities according to ISO 27001 appeared first on 27001Academy.

By | Juni 20th, 2016|Blog, BSI, CISO, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, roles and responsibilities, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für How to document roles and responsibilities according to ISO 27001
Read More

How to document roles and responsibilities according to ISO 27001

Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me wrong: assigning and communicating roles and responsibilities is important, because that is how all employees in ...

The post How to document roles and responsibilities according to ISO 27001 appeared first on 27001Academy.

By | Juni 20th, 2016|Blog, BSI, CISO, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, roles and responsibilities, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für How to document roles and responsibilities according to ISO 27001
Read More

What should you write in your Information Security Policy according to ISO 27001?

Content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001 – very often the purpose of this document is misunderstood, and in many cases people tend to think they need to write everything about their security in this document. Well, this is not ...

The post What should you write in your Information Security Policy according to ISO 27001? appeared first on 27001Academy.

By | Mai 30th, 2016|Blog, BSI, information security policy, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für What should you write in your Information Security Policy according to ISO 27001?
Read More

What is an Information Security Management System (ISMS) according to ISO 27001?

If you’ve started an  ISO 27001 implementation, you’ve surely come up with the term Information Security Management System or ISMS. Pretty vague term, isn’t it? And yet, the ISMS is the main “product” of ISO 27001 implementation. So, what exactly is an ISMS? ISO 27001 basically describes how to develop the ...

The post What is an Information Security Management System (ISMS) according to ISO 27001? appeared first on 27001Academy.

By | Mai 23rd, 2016|Blog, BSI, controls, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für What is an Information Security Management System (ISMS) according to ISO 27001?
Read More

What is an Information Security Management System (ISMS) according to ISO 27001?

If you’ve started an  ISO 27001 implementation, you’ve surely come up with the term Information Security Management System or ISMS. Pretty vague term, isn’t it? And yet, the ISMS is the main “product” of ISO 27001 implementation. So, what exactly is an ISMS? ISO 27001 basically describes how to develop the ...

The post What is an Information Security Management System (ISMS) according to ISO 27001? appeared first on 27001Academy.

By | Mai 23rd, 2016|Blog, BSI, controls, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Notfallmanagement, Penetrationstest, Penetrationstests, Risikomanagement, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für What is an Information Security Management System (ISMS) according to ISO 27001?
Read More

4 mitigation options in risk treatment according to ISO 27001

Most people think risk assessment is the most difficult part of implementing ISO 27001 – true, risk assessment is probably the most complex, but risk treatment is definitely the one that is more strategic and more costly. The purpose of risk treatment seems rather simple: to control the risks identified during the risk ...

The post 4 mitigation options in risk treatment according to ISO 27001 appeared first on 27001Academy.

By | Mai 16th, 2016|Blog, BSI, budget, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, mitigation, Notfallmanagement, Penetrationstest, Penetrationstests, residual risk, Risikomanagement, risk options, risk treatment, unacceptable risk, Unternehmen, Veranstaltungen, Zertifizierung & Audit|Kommentare deaktiviert für 4 mitigation options in risk treatment according to ISO 27001
Read More
Kai Wittenburg