Disaster Recovery – not as easy as it might seem

Disaster recovery – quite straightforward, isn’t it? Well – it might be. At least when it comes to IT environments that aren’t too complicated. The downside there is that there aren’t very many IT environments that aren’t complicated. Most of them tend to be, one way or another. Many disaster recovery solutions, no matter… Continue Reading

Worried about using Facebook Messenger? Try Signal!

I guess you’ve heard it all over and over again about the Facebook privacy scandal. There’s been a lot of focus on the scandal itself and Mark Zuckerberg testifying before the Senate. I have written a few posts about it as well. Read more: Why answering/setting up quiz’s and other stuff on Facebook is a… Continue Reading

Office 365 heavy target for phishers

Last Thursday I met with one of Microsoft’s Trusted Security Advisors and we got into a discussion about phishing. I mentioned that I have seen quite a lot of phishing attempts on customers in Sweden, using the Office 365 community. Microsoft is well aware of this extensive targeting. It’s not something new, not for me,… Continue Reading

What’s most important when building an ISMS or Management System?

I’d like to share a few thoughts about what’s important when building a Management System in general, and an Information Security Management System in particular. Please consider this to be tips and ideas from me to you. This post relates to ISO 27001:2013 and the standards following the new model and structure. More than one standard?… Continue Reading

Comments about the “Six myths CEOs believe about security”

A couple of days ago I read the CSO article Six myths CEOs believe about security that I’d like to make some personal comments on. 1. Attackers can’t be stopped The author, Roger A. Grimes, mentions that one of the myths is the one that there’s no efficient way of stopping attackers. Personally, I believe that… Continue Reading

ISO audit done

Finally through with the ISO audits (ISO 9001:2015, ISO 14001:2015, ISO 27001:2013 and OHSAS 18001). Despite a few minor nonconformities we’ll be recommended continued certification. Well done to us then!

Time for ISO audit

It’s time for the annual ISO audit. We manage a combined management system where Information Security is in many parts integrated within the business’s main and supporting processes. This is our third annual ISO audit and I’m really looking forward to it. Going through these audits is a great opportunity to discuss further development, getting… Continue Reading