The currently valid international standard ISO/IEC 27002 was issued in 2013. A new version will soon replace it. The new structure introduces a breakdown of information security controls according to categories and several other attributes. The latest version of the standard defines new controls, changes the original controls and combines some controls. This article briefly describes the…
Information security and privacy are closely linked. And setting the right level of information security and privacy cannot be done without managing risks that can affect both organisations and individuals. Information security and privacy risks Information security risks relate to breaches of the confidentiality, integrity and availability of business processes or information. Organisations may use…
Generally, binding laws, standards and various norms determining the rules of conduct are an everyday part of our lives. Enormous developments, especially in information technology, business approaches and related regulations, force organisations, whether in the private or public sector, to streamline their activities. When it comes to efficiency in managing the management and control of…
Information security and cybersecurity are closely related and overlap but have different goals. Information security addresses the confidentiality, integrity and availability of information, while cybersecurity is primarily concerned with protecting the lives, health and property of people and organisations, society and nations as a whole.
In smaller organisations, the accurate setup of direction and control of information security is relatively simple, especially when the scope of ISMS covers the entire organisation. For larger, geographically dispersed or more complex organisations, the situation is more complicated. In these cases, it is common that the ISMS covers only a part of the entity (organisation…