2023 top blogs blog

Hot Picks of 2023: ISMS.online’s Top 10 Most Read Blogs

Staying on top of information security and data privacy developments was necessary for organisations in 2023. Threats continued advancing while regulations tightened across jurisdictions. To help make sense of the complex digital landscape, we spotlight ISMS.online’s ten most-read blogs from the past year.

Spanning infosec frameworks, compliance demands, and risk management best practices, these posts attracted the highest reader traffic for their practical, forward-looking insights. From the ISO 27001 standard update to the EU’s NIS 2 and Digital Operational Resilience Act, they break down critical changes businesses must tackle.

In total, these ten blogs deliver the information security and data privacy knowledge needed to drive effective strategy into 2024. We’re proud to see such a strong readership and hope you’ll find them equally helpful for your organisation.

1. Everything You Need to Know About the ISO 27001: 2022 Standard Update

All organisations certified under ISO 27001:2013 have just under two years left to migrate to the 2022 version, which includes 11 new controls, a new structure and five new attributes; so with the clock ticking, we’ve broken down these and everything else you need to know about the updated standard in one handy blog and created:

✔️A short video outlining all the fundamental changes

✔️ A 4-page ‘Summary of Changes’ guide including a roadmap to achieving compliance

At the core of every successful business is solid information security. We created this blog to help you quickly implement the necessary changes, maintain compliance, and stay ahead of potential threats.

Read More

2. NIS 2: What The Proposed Changes Mean For Your Business

With the EU’s new NIS 2 Directive, the regulatory landscape is set to change, especially for UK-based operators of essential services (OES) organisations operating in the EU.

In this blog, we look at what the new NIS 2 directive requires and how the UK regulatory regime will diverge from NIS 2 due to its departure from the EU.

The key areas of divergence include;

✔️The inclusion of Managed Service Providers \(MSPs\)

✔️Broader incident reporting requirements

✔️Exemptions for specific organisations

✔️A more risk-based approach to regulating digital service providers

As the NIS 2 implementation deadline approaches, UK organisations must carefully assess their cybersecurity compliance obligations and allocate appropriate resources to ensure compliance with both regulations, depending on their business operations.

Read More

3. What is an ISMS, and Why Every Business Should Have One

An effective ISMS can be one of the most powerful tools for organisations to realise the full potential of their data and ensure the security and compliance modern business requires. 

In this blog, we take a deep dive and cover:

✔️ What an ISMS is and what it isn’t

✔️ Outline the business benefits of implementing an ISMS

✔️ Explore different approaches to building an ISMS

✔️ Breakdown how standards such as ISO/IEC 27001 can help organisations realise and maintain effective information security and data management

Read More

4. Get Ready for the Digital Operational Resilience Act

In this blog, we break down the incoming DORA regulation, including;

✔️What the standard contains, and who needs to comply

✔️How ISO 27001 can help speed up compliance

✔️Common obstacles and how to overcome them

It also includes a copy of our handy 15-step DORA checklist.

With just 12 months left to achieve compliance, take advantage of this essential read for financial institutions 

Read More

5.ISO 27001: The Framework For Good Information Security And Good Business

This blog explores the intersection of effective information security practices and business growth.

Using frameworks can be one of the most helpful tools for organisations looking to understand their data and information security posture, so we breakdown ISO 27001 as the most globally implemented framework to understand how it can not only improve an organisation’s information security but also:

✔️Enable better data oversight and operational efficiency

✔️Deliver resource and time cost savings

✔️Ensure ongoing compliance in a constantly changing regulatory landscape

✔️Improve customer trust and competitive advantage

Read More

6. Gartner: ISO 27001 and NIST Most Effective Information Security Risk Management Frameworks

Research from Gartner highlighted the two most effective information security risk management frameworks as, ISO 27001 and NIST.

So, in this blog, we break down these two security frameworks and how they can empower your organisation to greater business success, including how they can:

✔️Address current and emerging cyber risks in line with stakeholder expectations

✔️Remove undue burden on technical and security teams

✔️Ensure budget spent on security controls actively improves company risk profiles

Read More

7. Everything You Need to Know About the ISO 27701 Data Privacy Standard

This blog examines everything you need to know about ISO 27701, the globally recognised data privacy standard.

Discover the ins and outs of ISO 27701 and how it can enable your approach to data protection. From its critical principles to implementation strategies, we’ve got you covered.

Learn how ISO 27701 aligns with GDPR, HIPAA, and other global standards, empowering you to meet compliance requirements efficiently. Stay ahead of the ever-evolving privacy landscape and build trust with your customers.

Join the ranks of organisations setting the standard for secure data handling.

Read More

8. Unpacking the Cost vs ROI of Achieving ISO 27001 Certification

Information security isn’t just a checkbox. ISO 27001 offers a robust information security framework, but how does the investment stack up against potential returns?

In this blog, we shed light on: 

✔️The certification process

💰The nuances of costs

💡The tangible (and intangible) benefits organisations can reap

From avoiding hefty data breach costs to elevating your brand’s credibility, understand why ISO 27001 might be the strategic move you’ve been searching for.

Whether you are pondering alignment or full-scale certification, we’ll guide you through every step. Dive in, and let’s put ROI into perspective. 

Read More

9. How We Approached our ISO 27701 Audit And Succeeded First-Time

In this blog, we take you on the journey of how we put our money where our mouth is and used our platform for simultaneous certification against two of the most demanding infosec and data privacy standards and succeeded first-time.

Discover step-by-step how to prepare, deliver and execute a successful audit and why getting serious about your organisation’s data privacy and information security is just good business!

You can also download a helpful roadmap for approaching an ISO 27701 audit in your business and start your journey to simple, secure and sustainable security.

Read More

10.ISO 9001 Explained: A Comprehensive Guide to Quality Management Systems

Quality management has become a strategic priority for organisations seeking operational excellence and customer satisfaction. Yet misconceptions persist around ISO 9001 – the world’s most widely-used quality management system standard.

Should you invest time and resources to get ISO 9001 certified?

In this blog, we break down everything you need to know:

✔️What is ISO 9001, and what does it entail?

✔️Its fundamental principles and structural components demystified

✔️The step-by-step certification process

✔️Real benefits – from streamlined operations to tender eligibility

✔️Common myths busted with facts and realities

✔️Best practices for smooth implementation

ISO 9001 provides a robust framework to manage quality, but only with proper understanding and execution. 

Whether you’re just exploring ISO 9001 or firmly committed to certification, read this to set your quality management efforts up for success!

Read More

Unlocking Your Information Security Compliance Advantage

As we move into 2024, the insights from these blogs will undoubtedly continue to resonate. The lessons learned and strategies discussed are not just about meeting compliance standards but about fostering a culture of security and privacy that aligns with your organisation’s goals and values. Whether you’re preparing for an ISO audit, implementing a new ISMS, or seeking to understand the ROI of information security investments, you can rely on our blog to find the insights you need. 

 

Streamline your workflow with our new Jira integration! Learn more here.