Category: ISO-27001

  • Privacy Versus Infosec

    Briefing Note: GDPR-ISO-27001-PCI. The table below maps the GDPR security requirements against ISO-27001. The infosec aspect of GDPR Art.32 is fully satisfied where certification is obtained (GDPR Art.42). As shown in the table below, achieving ISO-27001 certification leads to a comprehensive level of information security protection that covers all the areas required by GDPR (Art.32). The table…

  • Simplifying NIST AI Risk Management Framework

    Author: John Libonatti-Roche. Date: 10th November 2023. Executive Summary: The NIST AI Risk Management Framework (NIST AI RMF 1.0) is a voluntary approach to AI risk management that neatly aligns with the Plan-Do-Check-Act model and with standard risk management techniques such as those provided by ISO-31000, ISO-27001 or PRINCE2. The framework acknowledges the challenging trade-offs between organisational…