Blog 27001

ISO27002 and Statement of Applicability explained

The international information security standard ISO27001 is known by many. But what is the illusive ISO27002 that is often mentioned alongside it? ICT Institute has created a series of articles to explain the lesser known ISO27002 standard in more detail. You could use this overview to prepare yourself for ISO27001 certification or just to refresh…

Joost Krapels 13 September 2018

A summary of ISO 27001 requirements for information security

ISO / IEC 27001 is an official standard for the information security of organisations. Regrettably the standard is not freely available, making it harder than necessary to look up what is actually required by ISO 27001. This has led to some misconceptions. While we still recommend you to read the full standard, we decided to create a good summary to…

Sieuwert van Otterloo 28 February 2017

Four password policy rules that lead to better cyber security

A good password policy is one of the simplest and most important security measures one can take. In this article we describe the four rules that any company should include in their security policy, especially if they want to comply to the ISO 27001 standard.

Sieuwert van Otterloo 5 October 2016

Getting started with information security

Many organisations find it challenging to implement a full information security policy, because it affects all departments and many business aspects. The best approach in our view is to just get started, with a small team, interactive workshops and concrete steps. Once the team is up and running, you use continuous improvement to complete your approach, document…

Sieuwert van Otterloo 20 July 2016