Julia Dutton Archive

Continual improvement and ISO27001:2013

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an organization’s information security management system (ISMS). ISO 27001:2005 mandated the Plan-Do-Check-Act (PDCA) approach for continual improvement, but with the introduction of the new version of ISO 27001 …

The problem of quantifying cyber risk

Identifying and assessing cyber risk is no easy feat. Insurance companies have been providing cyber insurance policies for more than ten years, but according to BitSight Technologies, non-security experts struggle to accurately measure the likelihood of a major cyber event, …