The US suffers more cyber security incidents than any other country, so it’s no surprise that customers, partners, authorities and other stakeholders all want assurances that organisations are taking reasonable steps to prevent data breaches. With that in mind, demand for ISO 27001 certification is increasing. What is ISO 27001? ISO 27001 is the internationally recognised…
Category: ISO 27001
Global Security News, ISO 27001
List of US Accredited Certification Bodies for ISO 27001
When seeking certification to ISO 27001, you should always avoid non-accredited certification bodies. Non-accredited certification bodies (and those that falsely claim to be accredited) may not be subject to regular performance, quality and competence monitoring by a national accreditation body such as ANAB (ANSI-ASQ National Accreditation Board). Plus, they usually don’t operate in line with the…
Global Security News, ISO 27001, iso27001documentkit
ISO 27001 Checklist: 9-step Implementation Guide
We’re not going to lie: implementing an ISO 27001-compliant ISMS (information security management system) can be a challenge. But as the saying goes, nothing worth having comes easy, and ISO 27001 compliance is worth having. If you’re just getting started with the Standard, we’ve compiled this 9-step ISO 27001 requirements checklist to help you. Step…
Global Security News, ISO 27001, North America, SOC 2
ISO 27001 vs SOC 2 Certification: What’s the Difference?
Want to improve your data security but can’t decide between ISO 27001 and SOC 2? You’re in a familiar position. They’re two of the most popular information security and risk management frameworks in the world, and each one has its benefits. But what is the difference between SOC 2 and ISO 27001? Let’s look at which one is…
Global Security News, ISO 27001, Uncategorised
Data Leakage Prevention and Data Deletion: ISO 27001 Controls 8.12 and 8.10 Explained
ISO 27001:2022 introduced several new controls designed to reflect modern security practices and the ways organisations use and manage data. Two of the most practical additions sit in the operational controls: 8.12 (data leakage prevention) and 8.10 (data deletion). Both address longstanding weaknesses in many ISMSs (information security management systems). They focus on the lifecycle…
Exploits, Global Security News, ISO 27001
Threat Intelligence – ISO 27001:2022 Control 5.7 Explained
Cyber attacks evolve faster than traditional security review cycles. So, to stay secure, organisations need a clearer understanding of the threats that are most relevant to their systems, data and business operations. Threat intelligence is the process of collecting and analysing information about these threats so that security decisions are informed by real-world attack patterns…
Europe, Global Security News, ISO 27001, NIS2, Training
How DORA fits with ISO 27001, NIS2 and the GDPR
Although DORA (the EU Digital Operational Resilience Act) has been in effect since January 2025, organisations that supply the EU’s financial services sector are under growing pressure to demonstrate compliance with its requirements. For most, this isn’t about starting from scratch but about mapping what’s already in place, identifying where DORA goes further and then…
Cloud Security, Global Security News, ISO 27001
How To Comply with ISO 27001’s New Cloud Services Control
The 2022 update to ISO 27001 introduced a new control for the use of Cloud services. It outlines the policies and procedures that are required when acquiring, using, managing or exiting Cloud services. Adding this control was an obvious and necessary step given just how many organisations use Cloud services as part of their core…
Global Security News, ISO 27001, Training
Top 5 Skills Every ISO 27001 Internal Auditor Needs
Internal audits are essential to ISO 27001 compliance, as mandated by Clause 9.2 – but what does it actually take to be an effective internal auditor? Many professionals know the Standard from a theoretical point of view but are less confident about audit practicalities such as interviewing staff, sampling evidence, writing findings and presenting results…
Global Security News, ISMS, ISO 27001, ISO 27001:2022
ISO 27001:2022 Clause 6 – What’s Changed and What You Need to Do about It
All ISO 27001:2013 certificates expire at the end of this month. For organisations that are yet to update their ISMS (information security management system) to align with the 2022 iteration of the Standard, there are inevitably certain areas that demand their attention more than others. One of these is the new Clause 6. What’s changed…
Global Security News, ISO 27001, Training
ISO 27001 for Non-IT Roles: A Beginner’s Guide
Think ISO 27001 is just for IT? Think again. A growing number of non-technical roles are being pulled into operational projects – from department heads who oversee processes that involve sensitive data to employees tasked with protecting the laptops, removable devices and other technology they use to perform their job. The need for robust and effective information…
Global Security News, ISO 27001, Training
ISO 27001 Internal vs Lead Auditor Training Compared
Not sure whether to train as an ISO 27001 Internal Auditor or Lead Auditor? You’re not alone – it’s one of the most common questions we hear. This blog post explains what each course covers, who they suit, the core differences between them and how to decide which one is right for you. What the…
Global Security News, ISO 27001, Training
5 Reasons ISO 27001 Implementations Fail (and How to Avoid Them)
Most ISMS (information security management system) implementation projects don’t fail because of ISO 27001 itself but because of poor planning and execution. Achieving certification to the Standard requires more than policies and procedures: it demands leadership, integration and discipline across the business. Without them, projects stall, resources are wasted and certification is delayed or, worse,…
Cloud Security, cyber security, Global Security News, ISO 27001, ISO 27017, supply chain security
What Are ISO 27017 and ISO 27018, and What Are Their Controls?
Extending your ISMS to address Cloud security risks ISO 27001 sets out the specification for an ISMS (information security management system). But did you know you can extend your ISO 27001 ISMS to cover specific aspects of Cloud security? Let’s take a closer look at both ISO 27017 and ISO 27018. Note: The current versions…
cyber security, data protection, Global Security News, Information Security, ISMS, ISO 27001
Information Security vs Cyber Security: The Difference
You’ll often see the terms cyber security and information security used interchangeably. That’s because, in their most basic forms, they have the same aim: protecting the confidentiality, integrity and availability of information. This is also known as the ‘CIA triad’: Confidentiality: Protecting information from falling into the wrong hands. Integrity: Making sure the information is – and remains –…
cyber security, Emerging Tech, Global Security News, ISO 27001, risk assessment, Risk Management, vsrisk
7 Steps to a Successful ISO 27001 Risk Assessment – Updated for 2025
Risk assessments remain central to ISO 27001 compliance in 2025, ensuring your ISMS (information security management system) is robust and effective. ISO 27001:2022 and ISO 27002:2022 introduced several updates that organisations should incorporate into their risk assessment processes. Here are the seven essential steps for conducting a successful ISO 27001 risk assessment in line with…
Author of the month, cyber security, Global Security News, ISO 27001, Staff Awareness
Author of the Month: Bridget Kenyon
ISO 27001 Controls – A guide to implementing and auditing Bridget Kenyon is the CISO (chief information security officer) for SSCL. She’s also been on the ISO editing team for ISMS (information security management system) standards since 2006, and has served as lead editor for ISO/IEC 27001:2022 and ISO/IEC 27014:2020. Bridget is also a member of the…
Author of the month, cyber resilience, cyber security, Global Security News, ISO 22301, ISO 27001
Author of the Month: Andrew Pattison
This month, we are celebrating author Andrew Pattison! His book: NIST CSF 2.0 – Your essential introduction to managing cybersecurity risks was published in February 2025 and covers the latest updates to the NIST framework. The NIST CSF (Cybersecurity Framework) 2.0 is designed to help organisations prevent and protect themselves from cyber attacks. This…
Compliance, Cybersecurity, Global Security News, Governance, Risk & Compliance, ISO 27001, Security Bloggers Network
What is the Process of ISO 27001 Certification?
In 2025, the cost of cyberattacks will reach $10.5 trillion globally. The projected growth rate is 15% every year. While the cost of attack keeps increasing, a breach is now identified in 194 days on average. It takes 64 days to contain a breach and 88 days on average to resolve an attack facilitated through…
Compliance, Cybersecurity, Global Security News, Governance, Risk & Compliance, International Standard, ISO 27001, Regulatory Compliance, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X
A Gold Standard for Compliance: Why ISO 27001 is More Relevant Than Ever
With risks increasing and regulatory mandates growing in number, many organizations need a unified approach to compliance and security. The post A Gold Standard for Compliance: Why ISO 27001 is More Relevant Than Ever appeared first on Security Boulevard.
cyber resilience, cyber security, Expert insight, Exploits, Global Security News, ISO 27001
Why You Need Cyber Resilience and Defence in Depth
And how to become resilient with ISO 27001 and ISO 22301 Unfortunately, even the most secure organisation can suffer an incident. The odds are simply stacked against you: While you need to protect all your assets from all types of threat, an attacker needs only one exploitable weakness to get into your systems. Plus, any…
cyber security, Expert insight, Exploits, Global Security News, ISO 27001, Risk Management
How to Select Effective Security Controls
Risk–benefit analysis, defence in depth, information security objectives and proportionality Looking to mitigate your information security risks but not sure how to choose effective controls while staying on budget? Risk–benefit analysis is key, as is defence in depth. You also want to set information security objectives that are aligned to your business objectives, and be…
Global Security News, ISO 27001
HOW TO BECOME CERTIFIED LEAD IMPLEMENTER – ISO 27001
ABOUT CERTIFIED LEAD IMPLEMENTER TRAINING AND EXAMINATION FOR INFORMATION SECURITY MANAGEMENT SYSTEM ISO / IEC 27001 Learn and get certified as a professional in the implementation of the ISO 27001 standard through our self-paced, interactive e-learning course, which comprises 4 modules. Upon completion of these modules, you can appear for an examination and get certified as…
