![[ISO/IEC 27001 Series] - (Requirement 4.3) - Determining the scope of ISMS - Part 05](https://static.wixstatic.com/media/01f887_b3c9b5a243494c09b1a7a7729d0f493b~mv2.png/v1/fill/w_454,h_341,fp_0.50_0.50,q_95,enc_avif,quality_auto/01f887_b3c9b5a243494c09b1a7a7729d0f493b~mv2.webp)
[ISO/IEC 27001 Series] - (Requirement 4.3) - Determining the scope of ISMS - Part 05
After covering requirements 5.1, 4.1 and 4.2, it is now time to discuss requirement 4.3, "Determining the scope of ISMS". The requirement says that "the organization must determine the boundaries and applicability of the information security management system to establish its scope". But what does this mean? To determine the scope, we need to consider internal and external issues, the needs and expectations of interested parties and all interfaces and dependencies between the a

vitormaleite
Feb 23, 2025 · 2 min read
![[ISO/IEC 27001 Series] - (Requirement 4.2) - Understanding the needs and expectations of interested parties - Part 04](https://static.wixstatic.com/media/01f887_041cc95ab21b436cb98e877482ccd2b7~mv2.png/v1/fill/w_454,h_341,fp_0.50_0.50,q_95,enc_avif,quality_auto/01f887_041cc95ab21b436cb98e877482ccd2b7~mv2.webp)
[ISO/IEC 27001 Series] - (Requirement 4.2) - Understanding the needs and expectations of interested parties - Part 04
As we described in the earlier article, internal and external issues from the ISMS, we together understand the organization and its...

vitormaleite
Apr 30, 2024 · 2 min read
![[ISO/IEC 27001 Series] - (Requirement 4.1) - Understanding the organization and its context](https://static.wixstatic.com/media/nsplsh_2e68268dc57b43f3abf3e6770c228675~mv2.jpg/v1/fill/w_454,h_341,fp_0.50_0.50,q_90,enc_avif,quality_auto/nsplsh_2e68268dc57b43f3abf3e6770c228675~mv2.webp)
[ISO/IEC 27001 Series] - (Requirement 4.1) - Understanding the organization and its context
Now that we have Top Management Support (Requirement 5.1), as we discussed before here, it is time to start structuring our ISMS. Let's go? We shall start from Requirement 4.1. As the ISO/IEC 27001:2022 standard says: The organization shall determine relevant internal and external issues for its purpose and that affect its capacity to achieve the intended results of its ISMS [...] But what does it mean? When we talk about internal issues the organization shall consider organizat

vitormaleite
Nov 19, 2023 · 3 min read


The role of top management as "parents"
The importance of parents: Even if you're not a parent, you know that being a "parent" is no easy task. Following your child's growth,...

vitormaleite
May 1, 2023 · 2 min read


Classify information? Why bother?
Before we delve into the subject of this article, it's crucial to reflect on something highly important, as illustrated in the image...

vitormaleite
Jan 8, 2023 · 2 min read
![[ISO/IEC 27001 Series] - (Requirement 5) - Leadership](https://static.wixstatic.com/media/01f887_415ecf34af7e4879b4021f85c9fa958e~mv2.png/v1/fill/w_454,h_341,fp_0.50_0.50,q_95,enc_avif,quality_auto/01f887_415ecf34af7e4879b4021f85c9fa958e~mv2.webp)
[ISO/IEC 27001 Series] - (Requirement 5) - Leadership
After introducing the standard and its structure in the previous article, today we'll begin to "run" the PDCA cycle, starting, of course, with the Planning phase. The standard has a well-organized structure, but I'll take the liberty to begin our discussion from requirement "5.1 Leadership and Commitment." And why start with this requirement? Precisely because an Information Security Management System (ISMS) will only achieve its objectives with the Support of Top Manageme

vitormaleite
Sep 25, 2022 · 2 min read


The importance of documentation
Some time ago, I came across a post on LinkedIn by a professional named Felipe Ramos, whom I don't know personally, but his insights...

vitormaleite
Sep 13, 2022 · 2 min read


Assets: The Heart of ISMS
Source: Photo by ThisisEngineering RAEng on Unsplash. In my recent daily readings on LinkedIn, I came across Aron Lange's post: Taking...

vitormaleite
Jun 6, 2022 · 2 min read
![[ISO/IEC 27001 Series] - Structure](https://static.wixstatic.com/media/01f887_865d642bbc4a4c4c90edd064f56c5cd6~mv2.png/v1/fill/w_454,h_182,fp_0.50_0.50,q_95,enc_avif,quality_auto/01f887_865d642bbc4a4c4c90edd064f56c5cd6~mv2.webp)
[ISO/IEC 27001 Series] - Structure
The ISO/IEC 27001 is an international standard that outlines a series of requirements for a company to implement an Information Security Management System (ISMS). Undoubtedly, this standard is my primary reference in my work. As I've heard before that standards can be challenging to study and understand, I've decided to break it down for you in this series of articles starting today, demonstrating that it's not as daunting as it might seem. The most recent version of this sta

vitormaleite
Mar 13, 2022 · 2 min read


Managing Information Security Policies
Definition and Structure: To ensure we're on the same page, let's consider the definition that an Information Security Policy (ISP) is...

vitormaleite
Feb 1, 2022 · 2 min read