Corporate Culture: It is a great information security tool. This is why you should not overlook it.

CORPORATE CULTURE: IT IS A GREAT INFORMATION SECURITY TOOL. Culture, in general terms, can be understood as the set of ideas, habits and social behaviors of a specific group. This translates into values, beliefs, ideologies and group behavior. In a corporate environment, it is only natural that absolutely every organization has its own culture. And yes, this is one of the key factors that can define the success or failure of information security.

The fact is CULTURE EATS STRATEGY FOR BREAKFAST. The phrase, originally attributed to Peter Drucker, has never been as true as in modern organizations, especially in subjects related to Information Security and Risk Management. Corporate culture can either motivate professionals or drain their energy. Understand: culture is the environment where corporate strategy, even the most well-defined one, blooms or agonizes. Any company that tries to disconnect these two factors is creating an unnecessary risk on the way to success.


Over the past years, several companies have learned – the hard way – that neglecting information security can bring disastrous impacts on operations, brand and financial results. This scenario leads us to believe that the mindset of senior management should have evolved into a more mature approach, where security is seen as a business facilitator and incorporated into all aspects of the strategy and transmitted in corporate culture, right? Yeah, dream on.


ISO 27000 – free and legal download!

IF YOU ARE AN INFOSEC PROFESSIONAL, STUDENT OR HAVE ANY INTEREST IN THE SUBJECT, you are very likely to have heard about ISO/IEC 27001:2013. What you may not know is that the 27K family is much, much bigger.

Currently there are 16 publications dedicated to the implementation and operation of an ISMS (Information Security Management System) aligned with international standards, and suitable for businesses of all sizes and verticals. According to the Brazilian National Information Security Survey, which I published last year, more and more Brazilian companies have been investing in and adopting the standard.


ISO 27001: 2013 – What really changed with the updated version of the key information security norm?

2013 was a year with no shortage of news about hacker attacks, data leaks, digital espionage and privacy issues (hi Obama!), and the result is that Information Security is now – more than ever – in the spotlight.

In this context comes the revised version of ISO 27001, the international standard that, for more than a decade, has been one of the main references for managing Information Security. A series of questions may come to the minds of IS professionals: What really changes? Is the standard more effective?

Of course, professionals in charge of ISMS management are already imagining the number of new controls and documents required to obtain or maintain certification.

So, let’s check it out!
