Security and GRC fundamentals explained from first principles — the reasoning behind the frameworks, not just the checklist.
Clause 4.4 is the shortest clause in ISO 27001. It reads: “The organization shall establish, implement, maintain and continually improve…
Jul 8, 2026 Building and Maintaining a Secure NetworkAccepting credit or debit cards comes with security obligations under the Payment Card Industry Data Security Standard. The scope of…
Jul 8, 2026 4 - Organizational ContextClause 4.3 is where the ISMS gets a boundary. The scope determines what you are accountable for controlling, what an…
Jul 8, 2026 4 - Organizational ContextClause 4.2 asks two things: who are your interested parties, and what do they specifically require from your ISMS? Both…
Jul 7, 2026 4 - Organizational ContextThis post covers Clause 4.1 specifically — what the standard requires, what to document, and what an auditor will check.…
Jul 6, 2026 Security from First PrinciplesGDPR is concerned with what happens to people when systems are built without privacy in mind. It creates legal obligations…
Jun 21, 2026