Are you Breach ready?

Data breach

There is a lot to be said for the similarities between getting breach ready, and getting beach ready. Both require careful planning

Read More →

Third Party Security Assurance Questions – Part 2

Third Party Security Assurance

We left off last time out on Risk Treatment. The previous post is here. So following up using ISO 27001 as a

Read More →

Understanding ISO 27701 – Missing GDPR Controls Part 2

GDPR, ISO 27701

In my previous post, we left the GDPR review at Clause 74. This was quite a deliberate breakpoint, as Clause 75 and

Read More →

How not to create a Maturity Model for Third Parties

Third Party Security Assurance

The US Department of Defense recently released version 0.4 of its CyberSecurity Maturity Model Certification (CMMC). This is supposed to make third

Read More →

Marriott needs to show Forensic Report

Data breach

On August 30th 2019, Judge Paul W. Grimm of the US District Court of Maryland set a precedent that could change the

Read More →

Monitoring Controls for ISO 27701

ISO 27701

Monitoring controls for ISO 27001 have been around for a while. Even back in the days of BS7799 (yes, I’m that old),

Read More →

Third Party Security Assurance Questions

Third Party Security Assurance

Third Party Security Assurance has made a pretty poor name for itself. This is due to many organisations paying lip-service to the

Read More →

ISO 27701 and missing GDPR Controls

GDPR, ISO 27701

The ISO 27701 standard makes some additional control recommendations that are supposed to supplement ISO 27002 controls guidance. The ISO 27701 is

Read More →

Understanding ISO 27001 – Part 3 – Risk Treatment

ISO 27001

This is Part 3 of a series on Understanding ISO 27001. The other parts can be found here. Risk Management is a

Read More →