In my previous two articles in this series focused on developing an Information Security Management System (ISMS) based on ISO 27001:2013, I presented the common myths associated with the standard. In this article, I am going to provide an overview of the standard and section 4 Context of the organisation.
Okay, I know I promised to delve into and discuss the requirements defined in 4 Context of the organisation. However, I realised that they are other common myths that I should dispel for those of you that are interested in implementing an Information Security Management System (ISMS) that conforms with ISO/IEC 27001:2013 (ISO 27001).
Happy New Year! During the Christmas break we moved to our new office. We are still in the same building, 187 Featherston Street, but are now located on the 4th floor.
This is not a new post, I originally wrote and published it nearly six years ago. However, based on a number of discussions I have been party to over the last few weeks, not much has changed since it was published so I thought I would repost it as a prologue for a new series of blog posts about risk, risk assessment and risk management.