Non-Conformity Management – ISMS V2022 Series

To ensure that actions to control, correct, and deal with the consequences of non-conformities have been identified and effectively addressed, follow a structured approach that includes identification, documentation, planning, and verification. Here’s a comprehensive guide: 1. Identification of non-conformities Detection Mechanisms Audits: Conduct regular internal and external audits to identify non-conformities. Monitoring: Use continuous monitoring […]
Root Cause Analysis – ISMS V2022 Series

To ensure that the need for action to eliminate the root cause of non-conformities and prevent their recurrence has been evaluated, you should implement a systematic process that includes thorough analysis, action planning, and monitoring. Here’s a comprehensive approach: 1. Root Cause Analysis Identify non-conformities Documentation: Ensure that non-conformities are thoroughly documented, including details of […]
Continuous Improvement – ISMS V2022 Series

To ensure that identified actions have been implemented, reviewed for effectiveness, and led to improvements in the ISMS, follow a structured approach that includes monitoring, verification, and continuous improvement. Here’s how you can systematically ensure this: 1. Implementation Tracking Action Plan Execution Assign Responsibilities: Clearly assign tasks to individuals or teams responsible for implementing each […]
Documented Information in the Improvement Cycle – ISMS V2022 Series

To provide evidence of documented information about the nature of non-conformities, actions taken, and the results, you should maintain a variety of records and documents that capture all aspects of the non-conformity management process. Here’s a list of key documents and records that can be used as evidence: 1. Non-Conformity Reports Report Forms: Standardized forms […]
BIGGEST DATA BREACHES OF 2024 (so far)

Why should you care about Information Security? Based on Kim Komando’s most recent broadcast. From big banks to car dealerships, 2024 has been a banner year for data breaches. Yes, I mean that in the worst way possible. I’d be shocked if there’s any person left unexposed at […]
The Human Threat to Information Security

The human factor is a significant aspect of information security threats. Research consistently shows that a substantial portion of security incidents can be attributed to human actions, either intentional or unintentional. Here are some key insights: Human Error: Studies often suggest that human error is a leading cause of security breaches. For instance, a 2023 report […]
Cyber Crime & Information Security in Latin America – Statistics & Facts

The technological development of the last decades has been marked by the rapid and growing adoption of the internet. However, this hyperconnectivity has made the common user, as well as governments and companies, a new target for criminal activity. Protecting networks, systems and data from cyber-attacks has thus become a must for anyone connecting to the […]
Example of a Program to Ensure ISMS Achieves Its Outcomes – ISMS V2022 Series

Example of a Program to Ensure ISMS Achieves Its Outcomes 1. Program Overview Objective: To ensure that the Information Security Management System (ISMS) achieves its desired outcomes, and that requirements and objectives are effectively developed, implemented, and monitored. Scope: This program applies to all ISMS-related activities within the organization, covering all departments and stakeholders involved […]
Documented Evidence – ISMS V2022 Series

Documented evidence is crucial in demonstrating that processes within an Information Security Management System (ISMS) have been carried out as planned. For ISO 27001:2022 compliance, the following types of documented evidence can be used: 1. Policies and Procedures Information Security Policy Document detailing the organization’s commitment to information security. Procedure Documents Detailed step-by-step instructions […]