ISMS is Not equal to Real Security!

Is having an information security management system equal to actual security?  Nop! Having an information security management system is not an indication of quality of security controls. Management systems are easier way of administration in a standard and systematic way, but they do not necessarily an indication of security control effectiveness.  As an example, ISO […]

How to effectively audit any ISO 27001 process?

First of all, auditor needs to be a SME, not only to the security management system, but also specifically in regards to ISO 27001. The reason is related to the fact that “terminology” or “particular definition” of terms is important.  Then there are three simple aspects of any process or policy document which should have been adequately addressed by […]

ISO 27001 Audit Tips and Tricks

the easy way to maintain an effective, low cost and smart ISO 27001 security management system Even though there is no magic behind auditing a system based on ISO 27001, there are simple tricks which help you handle ISO 27001 or many other similar standards and frameworks, both as and auditor and auditee. I would […]