Blog information

ISO27002 and Statement of Applicability explained

The international information security standard ISO27001 is known by many. But what is the illusive ISO27002 that is often mentioned alongside it? ICT Institute has created a series of articles to explain the lesser known ISO27002 standard in more detail. You could use this overview to prepare yourself for ISO27001 certification or just to refresh…

Joost Krapels 13 September 2018

ISO27002 explained, part 4

The article is part four of a series of four articles explaining ISO 27002 and the ISO 27001 statement of applicability. The article series briefly explain each control that is mentioned in these standards. The explanation is based on ISO 27002. —————–Article 1—————– Information Security Policies  A5 Organization of Information Security A6 Human Resource Security…

Joost Krapels 4 June 2018

ISO 27001 Lead Auditor training November 20-23

It is important and often mandatory for organisation with a security policy to provide the right training to all key roles involved in information security and privacy. One key role in security policies is internal auditor, and we recommend the ISO 27001 lead auditor course for anyone involved in the internal audit programme. This is…

Floris van den Broek 24 July 2017

All candidates pass the ISO 27001 lead auditor exam

Congratulation to the candidates of our recent ISO 27001 lead auditor course. All candidates (Jan-Jasper, Joost, Floris, Sieuwert) that participate in this five day course have passed the exam. They can now call themselves IRCA certified information security auditors and are well equipped for key roles in information security teams.

Sieuwert van Otterloo 2 June 2017

Information security – Cryptographic controls policy example

Using cryptographic controls such as encryption can help with information security, but only if it is applied correctly. To make sure it is used in the right way, it is recommended by standards such as ISO 27002 have a data encryption policy. In this article we share the ICT Institute data encryption policy, that is…

Sieuwert van Otterloo 4 January 2017