Management Reviews – ISMS V2022 Series
Evidence that top management undertakes a review of the Information Security Management System (ISMS) at planned intervals can be demonstrated through various documented information and records. These documents should clearly show the involvement of top management in the review process, their evaluation of ISMS’s performance, and their decisions for improvement. Here are some key pieces […]
Outputs of the Management Review – ISMS V2022 Series
To know that the output from the ISMS management review identifies changes and improvements, you should look for specific elements within the documented results of the management review meetings. These elements should clearly indicate that top management has considered the current state of the ISMS, assessed its performance, and identified necessary changes and improvements. Here […]
The Management Review and Interested Parties – ISMS V2022 Series
To ensure that the results of the management review are documented, acted upon, and communicated to interested parties appropriately, follow these structured steps: 1. Documentation of Management Review Results Meeting Minutes and Reports Detailed Minutes: Record comprehensive minutes of management review meetings. Include participants, agenda, discussions, decisions made, and action items. Management Review Report: Prepare […]
Non-Conformity Management – ISMS V2022 Series
To ensure that actions to control, correct, and deal with the consequences of non-conformities have been identified and effectively addressed, follow a structured approach that includes identification, documentation, planning, and verification. Here’s a comprehensive guide: 1. Identification of non-conformities Detection Mechanisms Audits: Conduct regular internal and external audits to identify non-conformities. Monitoring: Use continuous monitoring […]
Root Cause Analysis – ISMS V2022 Series
To ensure that the need for action to eliminate the root cause of non-conformities and prevent their recurrence has been evaluated, you should implement a systematic process that includes thorough analysis, action planning, and monitoring. Here’s a comprehensive approach: 1. Root Cause Analysis Identify non-conformities Documentation: Ensure that non-conformities are thoroughly documented, including details of […]
Continuous Improvement – ISMS V2022 Series
To ensure that identified actions have been implemented, reviewed for effectiveness, and led to improvements in the ISMS, follow a structured approach that includes monitoring, verification, and continuous improvement. Here’s how you can systematically ensure this: 1. Implementation Tracking Action Plan Execution Assign Responsibilities: Clearly assign tasks to individuals or teams responsible for implementing each […]
Documented Information in the Improvement Cycle – ISMS V2022 Series
To provide evidence of documented information about the nature of non-conformities, actions taken, and the results, you should maintain a variety of records and documents that capture all aspects of the non-conformity management process. Here’s a list of key documents and records that can be used as evidence: 1. Non-Conformity Reports Report Forms: Standardized forms […]
BIGGETS DATA BREACHES OF 2024 (so far)
BIGGETS DATA BREACHES OF 2024 (so far) Why should you care about Information Security? Based on Kim Komando’s most recent broadcast. From big banks to car dealerships, 2024 has been a banner year for data breaches. Yes, I mean that in the worst way possible. I’d be shocked if there’s any person left unexposed at […]
The Human Threat to Information Security
The human factor is a significant aspect of information security threats. Research consistently shows that a substantial portion of security incidents can be attributed to human actions, either intentional or unintentional. Here are some key insights: Human Error: Studies often suggest that human error is a leading cause of security breaches. For instance, a 2023 report […]
Cyber Crime & Information Security in Latin America – Statistics & Facts
The technological development of the last decades has been marked by the rapid and growing adoption of the internet. However, this hyperconnectivity has made the common user, as well as governments and companies, a new target for criminal activity. Protecting networks, systems and data from cyber-attacks has thus become a must for anyone connecting to the […]
