Blog

Does ISO 27001 implementation satisfy EU GDPR requirements?

Lately, I’ve been asked questions like: “If ISO 27001 is implemented in my organization, will it fully comply with European General Data Protection Regulation (EU GDPR) requirements?” and “Our company is ISO 27001 certified. Are we already compliant with EU GDPR?” The new regulation introduces a set of rules that require ...

The post Does ISO 27001 implementation satisfy EU GDPR requirements? appeared first on 27001Academy.

By | October 17th, 2016|Blog, BSI, compliance, EU GDPR, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Emergency management, Penetration test, Penetration tests, Risk management, risk, Company, Events, Certification & Audit|Comments disabled for Does ISO 27001 implementation satisfy EU GDPR requirements?

How to integrate COSO, COBIT, and ISO 27001 frameworks

Recently, the ISO (International Standardization Organization) updated ISO 9001, ISO 14001, and ISO 27001 to make them easier to use together. But how do they interact with practices outside the ISO world? How to integrate COSO, COBIT, and ISO 27001 frameworks. This article will present how ISO 27001 can be ...

The post How to integrate COSO, COBIT, and ISO 27001 frameworks appeared first on 27001Academy.

By | October 10th, 2016|Blog, BSI, COBIT, COSO, integration, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit|Comments disabled for How to integrate COSO, COBIT, and ISO 27001 frameworks

What is the EU GDPR and why is it applicable to the whole world?

The General Data Protection Regulation (GDPR) will replace the current Directive (Data Protection Directive 95/46/EC). It will not apply until May 25, 2018, but it does require companies to start preparing now, taking into account that some obligations may be onerous and time-consuming to implement. What is personal data? Based ...

The post What is the EU GDPR and why is it applicable to the whole world? appeared first on 27001Academy.

By | October 3rd, 2016|Blog, BSI, compliance, EU GDPR, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Emergency management, Penetration test, Penetration tests, Risk management, risk, Company, Events, Certification & Audit|Comments disabled for What is the EU GDPR and why is it applicable to the whole world?

Network segregation in cloud environments according to ISO 27017

In a previous article, I wrote about network segregation considering a physical network structure (see: Requirements to implement network segregation according to ISO 27001 control A.13.1.3), and while the concepts presented there are still valid when you consider network segregation in cloud computing environments, some new considerations must be made. ...

The post Network segregation in cloud environments according to ISO 27017 appeared first on 27001Academy.

By | September 26th, 2016|Blog, BSI, cloud environment, cloud services, ISMS, ISMS (BSI, ISO 27001), ISO 27017, ISO27001, network segregation, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit|Comments disabled for Network segregation in cloud environments according to ISO 27017

How to use ISO 27017 to manage legal risks related to geographical location

Cloud services are often sold as solutions that can be anywhere and everywhere. All that is necessary is a computer and a network connection to work with data, applications, and resources. While from the user’s point of view this is true, cloud services ultimately rely on physical infrastructure, which has to ...

The post How to use ISO 27017 to manage legal risks related to geographical location appeared first on 27001Academy.

By | September 19th, 2016|Blog, BSI, cloud security, Geographical location, ISMS, ISMS (BSI, ISO 27001), ISO 27017, ISO27001, Legal Issues, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit|Comments disabled for How to use ISO 27017 to manage legal risks related to geographical location

4 crucial techniques for convincing your top management about ISO 27001 implementation

Don’t expect your management to understand on their own why ISO 27001 is good for their company – you have to work very hard to convince them. Essentially, you need to have two elements to be successful in that process: (1) prepare a list of business benefits that are really applicable ...

The post 4 crucial techniques for convincing your top management about ISO 27001 implementation appeared first on 27001Academy.

By | September 12th, 2016|Blog, BSI, ISMS, ISMS (BSI, ISO 27001), ISO 27001 benefits, ISO 27001 implementation, ISO27001, Emergency management, Penetration test, Penetration tests, Risk management, top management, Company, Events, Certification & Audit|Comments disabled for 4 crucial techniques for convincing your top management about ISO 27001 implementation

Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003

Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information Security, Business Continuity, Supply Chain Security, and possibly others), the term is widely used but ...

The post Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003 appeared first on 27001Academy.

What does ISO 27001 Lead Auditor training look like?

In the last four years I’ve been preparing and presenting a lot of training courses for ISO 27001 Lead Auditor. At the end, participants understand that this is just the beginning of the journey to reach the “end of the stairs,” and become a professional in ISMS (Information Security Management System) auditing. ...

The post What does ISO 27001 Lead Auditor training look like? appeared first on 27001Academy.

By | August 29th, 2016|Blog, BSI, course, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Lead Auditor, Emergency management, Penetration test, Penetration tests, Risk management, Training, Company, Events, Certification & Audit|Comments disabled for What does ISO 27001 Lead Auditor training look like?