The Importance of ISO27001 in 2015

18th March 2015 Author: InfoSaaS

Analysts and commentators seem to be giving over more column inches to the subject of information security this year than ever before, and the international information security standard ISO27001 is being frequently cited as the most effective approach for an organisation to demonstrate to its customers that data security is well and truly under control. So why the increase in attention this year? We have identified two areas which we believe can explain much of this renewed...

Getting Security Right … Santa Style!

14th December 2014 Author: InfoSaaS

We've spent much of 2014 watching the information security mishaps in the global empires of Home Depot, Wal-Mart and Sony, to name but a few. But have we overlooked the risks associated with the largest data controller in the world? It all starts with sacks full of envelopes addressed, in best crayon, to "Father chrismus, Norf pole" (assuming that the local postal service actually delivers them). The volumes of data handled at this time of year by Mr F. Christmas (also known as Mr S....

Choosing the Right Risk Assessment Solution

13th December 2014 Author: InfoSaaS

ISO27001 is the international standard for Information Security Management Systems (ISMS), and with an ever-increasing number of cyber security threats it's not surprising that so many organisations around the world seek to demonstrate their competencies by achieving ISO27001 certification. At its core is the requirement to implement and manage an effective risk assessment activity, and doing this well is essential to fully protect your organisation and its valuable data. Traditionally...

Developing an Appetite for Risk?

8th November 2014 Author: InfoSaaS

Risk assessment methodologies such as InfoSaaS are based around calculating levels of risk, and comparing the result against pre-defined levels determined by the organisation as being their "risk appetite". But what does this term actually mean, how is it calculated, and how does it become a pragmatic yet effective foundation for your Information Security Management System? From the outset, having an appetite for risk is a strange concept to many, who quite reasonably believe that nobody would...

Risk Terminology for Beginners

7th September 2014 Author: InfoSaaS

Amongst the key requirements of the ISO27001 Information Security Management System standard are activities related to the establishment, implementation, operation and management of an effective risk assessment framework. The standard expects that all relevant "threats" and "vulnerabilities" are assessed, but do we fully understand the difference between these two terms and "risk"? A vulnerability is a weakness in an asset that by its ongoing existence could be used to cause it some damage...

Social Media, Identity Theft and Corporate Risks

5th August 2014 Author: InfoSaaS

Introduction

The growth of web-based social media applications such as Facebook, Twitter and LinkedIn presents a set of unique challenges to organisations, both with respect to the individual users and also the possibility of breaching corporate information security principles. Addressing these risks is an important objective of an Information Security Management System, and should be given proper consideration during formal risk assessment activities. It is known that law enforcement and...

ISO27001 in Plain English

28th July 2014 Author: InfoSaaS

Often perceived as shrouded in an eerie mist of complexity and strange terminology, ISO27001 is an established information security standard. In this blog we'll explain what this means - in layman's terms - and explain why it is a sensible investment for organisations of all shapes and sizes. In its simplest form, it's a structured framework which helps organisations to understand what their valuable information is, develop an appreciation for the sort of "bad things" which can happen to that...

Introducing InfoSaaS Assure

21st July 2014 Author: InfoSaaS

Every organisation needs to properly manage and protect information, both its own and the data entrusted to it by its customers. An international standard (ISO27001) exists to help organisations implement the controls necessary to achieve this important objective, but this is commonly perceived as being complicated, expensive, disruptive to implement properly, and a potential cash machine for "day rate consultants". InfoSaaS has been developed to make information security an achievable goal...