The long awaited international standard to the implementation of an information security management system, ISO/IEC 27003:2010, is now available.
It’s a must have –
Buy the hard copy here:
or the download here:
Key Features and Benefits:
The first standard to offer comprehensive guidance on implementing an ISO/IEC 27001:2005 ISMS. Using this standard during an ISMS implementation will improve [...]
Image by Adam Melancon via Flickr
The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments
Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
A good RAF organizes and presents information in a way that both technical [...]
Image by purpleslog via FlickrIn 2010 there will be two important compliance laws introduced which will affect the majority of North American organizations and many global organization too.
45 US States followed California when they introduced “SB1386“, the Security Breach Information Act, which has specific and restrictive privacy breach reporting requirements.
From the 1st January 2010, ALL [...]
Image via Wikipedia
FISMA Certification & Accreditation Handbook
The organizations need to establish security program to manage their day to day risks. Before selecting the controls from standards such as (NIST 800-53 or ISO 27002), organizations need to have complete inventory of the assets involved in the scope. Assets involved in the scope would require a comprehensive [...]
Image via WikipediaAccording to SF Chronicle article by Deborah Gage (May 8, 2009, c2) consumer reports magazine’s annual “State of the Net” survey finds that cybercrimes has held steady since 2004, with one out of five consumers becoming victims in last two years at a cost to economy of $8 billion. Consumer report can be [...]
In April 20007, California state IT council adopted the information security program guide which help organizations to comply with SB 1386. The council advised the use of information security standard ISO 27002 framework to comply and meet the needs of SB 1386.
[Table = 13]
Which businesses are affected by SB 1386 law?
o If you have a [...]
To become a successful business in today’s market, optimized information security controls may be the panacea for unmet security needs. One way to achieve optimized information security control is to perform ISO assessment and assess the organization security posture based on ISO 27002 code of practice and map each control with Capability Maturity Model Integration [...]
Cyber warfare poses a serious threat to critical infrastructure of a country. It has been a major challenge for DoD officials, cyber attackers have already stolen tera byte of data from their infrastructure.
Most of the security expert and FBI agree that cyber attacks pose biggest threat to US vital infrastructure. “Cybergeddon” our daily economy [...]
Open networks are heterogeneous environment where users like to use all the applications and systems at any given time. In a heterogeneous environment, each department run different hardware and software, but you can control the protocols which will work on this environment.
Universities are famous for open network. Most Universities network is comprised of a Bank [...]
Have you ever thought of losing something and you cannot live without it? Yes, that something can be your identity. Phishing is a practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information. In [...]
