Expert Articles

14. 4. 2021

The relationship between cybersecurity and information security

  • Cybersecurity
  • ISMS
  • ISO 27001

Information security and cybersecurity are closely related and overlap but have different goals. Information security addresses the confidentiality, integrity and availability of information, while cybersecurity is primarily concerned with protecting the lives, health and property of people and organisations, society and nations as a whole.

29. 3. 2021

Governance of information security

  • Governance
  • ISMS
  • ISO 27001

In smaller organisations, the accurate setup of direction and control of information security is relatively simple, especially when the scope of ISMS covers the entire organisation. For larger, geographically dispersed or more complex organisations, the situation is more complicated. In these cases, it is common that the ISMS covers only a part of the entity (organisation…

26. 8. 2020

Business Impact Analysis based on ISO/TS 22317

  • BCMS
  • BIA
  • ISO 22317

Business Impact Analysis (BIA) is the first step in a business continuity program. For ensuring business continuity, it is essential to know and understand the adverse effects that disruption of the supply of products and services would have on the organisation and stakeholders. The impact of disruptions usually increases over time – it may be negligible…

8. 8. 2020

Certification of Privacy Information Management Systems (PIMS) using ISO/IEC TS 27006-2

  • Audit
  • ISO 27001
  • ISMS
  • ISO 27701
  • PIMS

The new International Standard ISO/IEC TS 27006-2, which specifies requirements and provides guidance to bodies auditing and certifying a personal data management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, should be published shortly. Therefore, it is becoming increasingly clear what requirements certification bodies will have to comply with and how these requirements…

25. 4. 2020

Risk management based on ISO 31000

All organisations are exposed to internal and external influences that create uncertainty as to whether they will be able to achieve their goals. Risk management helps organisations identify potential threats and opportunities, identify appropriate strategies, and make informed decisions. Risk management is an essential part of the governance and management of an organisation at all…
