iso27001 Archives - Alan Calder on IT Governance, Cyber Resilience, ISO 27001 and Brexit

Do you need a physical office in order to ISO/IEC 27001 certification?

Alan Calder May 4, 2020 ISO 27001

No. The standard was written to support organisations of all sizes, all types and in all sectors. And as it is increasingly normal for organisations to be largely or entirely home-based, accessing temporary office-space if, as and when, necessary, so …

[Continue Reading...]

ISO27001 – the Information Security Framework of the future

Alan Calder June 23, 2010 Compliance, Data Protection, ISMS, ISO 27001, IT Security

I agree entirely with John Verry’s description of today’s drivers for the adoption of ISO27001, which we expect to become more widely adopted over the next 15 years than ISO9001 is today (there are currently about 1 Million ISO9001 certifications worldwide). “Driven …

[Continue Reading...]

SharePoint Governance

Alan Calder May 5, 2010 Compliance, ISMS, ISO 27001, IT Governance, IT Security

The idea of applying the governance concept to the deployment and use of SharePoint within organisations does, at one level, seem odd- it seems a very detailed level for the application of concept which is fundamentally about how the board …

[Continue Reading...]

Password Security Dilemma

Alan Calder March 4, 2010 Data Protection, ISMS, ISO 27001, ISO 27002 (ISO 17999), IT Security

Commonly accepted best practice on password security is that passwords should be complex, changed frequently and never written down. Password complexity (8 alphanumeric characters, case sensitivity plus special characters) increases the level of difficulty associated with cracking it; password change regularity …

[Continue Reading...]

Take Data Protection Seriously, Please

Alan Calder February 26, 2009 IT Security

I did a presentation earlier this week at NITES, in Ireland. My topic was data protection and governance. I took the opportunity to make a number of linked points: We already have data protection legislation in the EU and US; These …

[Continue Reading...]

Prosecuting directors for information security failures

Alan Calder October 22, 2008 Compliance, Data Breaches, Data Protection, ISO 27001, IT Security

I’ve been of the view, for some time, that effective corporate information security will only come to pass when company directors are prosecuted, fined and jailed for failures to implement and maintain effective information security management systems. Here are two stories …

[Continue Reading...]

In the UK, it’s National Identity Fraud Prevention Week!

Alan Calder October 7, 2008 Compliance, Data Breaches, Data Protection, ISO 27001, IT Security, PCI DSS

Apparently, we’re today kicking off the UK National Identity Fraud Prevention Week – and research for RSA reveals wide-spread disbelief (as in, 90% of Britons) that their personal data are safe with banks and retailers, and half the people think that not enough is done …

[Continue Reading...]

Malware spillover

Alan Calder February 14, 2007 ISO 27001

Following the news a while ago that some Apple iPods had been shipped complete with a malware infection comes the story that your satnav system may also be a risk. TomTom has allegedly shipped devices that contain a Trojan virus …

[Continue Reading...]