There is a lot to be said for the similarities between getting breach ready and getting beach ready. Both require careful planning

We left off last time out on Risk Treatment. The previous post is here. So following up using ISO 27001 as a

In my previous post, we left the GDPR review at Clause 74. This was quite a deliberate breakpoint, as Clause 75 and

The US Department of Defense recently released version 0.4 of its Cybersecurity Maturity Model Certification (CMMC). This is supposed to make third

On August 30th 2019, Judge Paul W. Grimm of the US District Court of Maryland set a precedent that could change the

Monitoring controls for ISO 27001 have been around for a while. Even back in the days of BS7799 (yes, I’m that old),

Third Party Security Assurance has made a pretty poor name for itself. This is due to many organisations paying lip-service to the

The ISO 27701 standard makes some additional control recommendations that are supposed to supplement ISO 27002 controls guidance. The ISO 27701 is

This is Part 3 of a series on Understanding ISO 27001. The other parts can be found here. Risk Management is a