Why ISO 27001 Makes Information Security an Issue for the Board

Welcome to this week’s edition of Security Spotlight from IT Governance USA, where we shine a light on:

  • Why ISO 27001 makes information security an issue for the board
  • ISO 27001: how to continually improve your ISMS
  • 6 practical tips for making cybersecurity everyone’s responsibility
  • UnitedHealth data breach leaked info on over 100 million people
  • Delta sues cybersecurity firm CrowdStrike over tech outage that canceled flights
  • How to prepare for and achieve accredited certification to ISO 27001:2022 within three to six months


Why ISO 27001 Makes Information Security an Issue for the Board

A strong security culture – where everyone recognizes that they have a part to play in information security – has to come from the top.

If senior management show they’re taking security seriously, this’ll trickle down to staff.

The international standard for information security management, ISO 27001, recognizes this. In fact, “Leadership” is an explicit clause in the Standard: Clause 5.

In this blog

  • What does ISO 27001 mean by ‘leadership’?
  • What does Clause 5 of ISO 27001 say?
  • Security is a matter for the board
  • Clearly define risk to the board
  • The benefits of ISO 27001



ISO 27001: How to Continually Improve Your ISMS

Your ISO 27001 journey doesn’t end once you’ve implemented your ISMS (information security management system) and controls.

You must check your measures are doing what they’re supposed to do:

  • Monitor their effectiveness
  • Measure their performance against your objectives
  • Continually improve your measures and overall system

This reflects what you’re trying to address: information security risks.



6 Practical Tips for Making Cybersecurity Everyone's Responsibility

One of the unfortunate side effects of the term ‘cybersecurity’ is that it sounds very technical.

This can lead people to conclude that it isn’t their problem, but something to be addressed by a group of people somewhere in the organization who are cyber experts.

However, the human factors in cybersecurity are increasingly recognized. The World Economic Forum Global Risks Report 2022 found that 95% of cybersecurity issues were “traced to human factor.”



UnitedHealth data breach leaked info on over 100 million people

Insurance company UnitedHealth Group is confirming a ransomware attack earlier this year affected the private data of over 100 million people. The number was published in the US Department of Health and Human Services Office of Civil Rights (OCR) Breach Report on Thursday, making it the largest healthcare data breach on the list.


Delta sues cybersecurity firm CrowdStrike over tech outage that canceled flights

Delta Air Lines sued CrowdStrike on Friday, claiming the cybersecurity company had cut corners and caused a worldwide technology outage that led to thousands of canceled flights in July.


ISO 27001 FastTrack

We will help with the following:

  • Implementing a complete, documented ISMS that addresses your specific information security risks and business objectives
  • Documenting the necessary information security processes using the documentation templates on our CyberComply platform
  • Establishing a program to improve information security awareness across the organization
  • Helping you develop the skills needed to manage, maintain, and improve your ISMS
  • Facilitating the first management review meeting
  • Conducting an internal ISMS audit before certification
  • Selecting the right accredited certification body for you
