In my previous two articles in this series focused on developing an Information Security Management System (ISMS) based on ISO 27001:2013, I presented the common myths associated with the standard. In this article, I am going to provide an overview of the standard and section 4 Context of the organisation.
Okay, I know I promised to delve into and discuss the requirements defined in 4 Context of the organisation. However, I realised that they are other common myths that I should dispel for those of you that are interested in implementing an Information Security Management System (ISMS) that conforms with ISO/IEC 27001:2013 (ISO 27001).
This is a new blog series on implementing an Information Security Management System (ISMS) based on ISO/IEC 27001:2013 (ISO 27001). This is the first in a series of blog articles aimed at helping organisations understand the value of implementing an ISMS that conforms with ISO 27001.
There is a significant focus within government agencies on the management of risks associated with the adoption of cloud services. This is to be expected as the general perception is that the “cloud” is risky and that adopting cloud services could result in bad outcomes.
How are risk owners and agency heads able to make informed decisions about ICT system accreditation without being provided with adequate information?
Axenic is proud to announce that all of its consultants are now certified as Information Security Management System (ISMS) Lead Auditors (ISO/IEC 27001:2013) by BSI (British Standards Institution).