Get short, timely messages from Dejan Kosutic.

Twitter is a rich source of instantly updated information. It's easy to stay updated on an incredibly wide variety of topics. Join today and follow @Dejan_Kosutic.

Get updates via SMS by texting follow Dejan_Kosutic to 40404 in the United States
Codes for other countries

Country	Code	For customers of
Two-way (sending and receiving) short codes:
Australia	0198089488 Telstra
Canada	21212 (any)
United Kingdom	86444 Vodafone, Orange, 3, O2
Indonesia	89887 AXIS, 3, Telkomsel
Ireland	51210 O2
India	53000 Bharti Airtel, Videocon
Jordan	90903 Zain
New Zealand	8987 Vodafone, Telecom NZ
United States	40404 (any)

Dejan_Kosutic

The biggest difference between ISO 22301 and BS 25999-2 is in management - setting objectives, measuring, compliance bit.ly/LD0OXd about 13 hours ago via HootSuite
Out of 23 most important sections in ISO 22301, 5 are with significant changes to BS 25999, 8 with moderate and 10 with minor changes 6:10 AM May 24th via HootSuite
Companies already certified against BS 25999-2 will have to "upgrade" to ISO 22301 until May 2014 - see infographic bit.ly/LD0OXd 5:59 AM May 23rd via HootSuite
ISO 22301 vs. BS 25999-2 - An Infographic bit.ly/K8tDGO 7:20 AM May 22nd via TweetMeme
ISO 22301 is published, but BS 25999-2 will still be valid until November 2012 7:05 AM May 21st via HootSuite
BCM should not be the responsibility of IT dept only because both the information and business processes need to be recovered #iso22301 6:35 AM May 18th via HootSuite
Disaster recovery is only a part of business continuity - having data without people and processes to use it doesn't make sense #iso22301 6:20 AM May 17th via HootSuite
Most of the companies implementing ISO 27001 choose between 110 and 130 controls to implement 6:25 AM May 16th via HootSuite
Main part of ISO 27001 (clauses 4 to 8) wouldn't make sense without 133 controls from Annex A - but the opposite is true also 6:35 AM May 15th via HootSuite
@el_wafa The selection of controls depends on the existence of risk - if there is no risk (or other requirement), then no control is needed 10:17 AM May 14th via HootSuite in reply to El_Wafa
@brianhonan I'm afraid such cases are too often... 10:14 AM May 14th via HootSuite in reply to BrianHonan
Not every control from ISO 27001 Annex A is mandatory! (a common mistake made by IT practitioners) 6:45 AM May 14th via HootSuite
Only 50% of controls from ISO 27001 Annex A are about IT - the rest are physical security, legal protection, HR mgt, organization, etc. 6:20 AM May 11th via HootSuite
@danbratt99 Thanks, Daniel - I agree completely! 12:09 AM May 11th via HootSuite in reply to DanBratt99
@stromsjo They're usually sceptical about both the objectives and (especially) implementation... 2:35 PM May 10th via HootSuite in reply to stromsjo
The best way to deal with BCM sceptics is to do an exercise/testing - they will then realize why good planning is important 6:40 AM May 10th via HootSuite
Scepticism on whether the business continuity plans would work is probably #1 difficulty when implementing business continuity #bcm 6:35 AM May 9th via HootSuite
New blog post - Top 10 information security blogs bit.ly/J9T6PD 10:26 AM May 7th via TweetMeme
Free webinar - ISO 27001 benefits: How to obtain management support ow.ly/aE2SC 6:35 AM May 2nd via HootSuite
Implementing only #iso27002 results usually in wrong infosec perception - it's better to start with #iso27001 and use 27002 as guideline 6:40 AM Apr 24th via HootSuite

Name Dejan Kosutic
Location Zagreb, Croatia
Web http://blog.iso27...
Bio Expert for information security management (ISO 27001 standard) and business continuity management (BS 25999-2 standard)