May 15 2014

Cyber Resilience Implementation Suite

Category: BCP,Information Security,ISO 27kDISC @ 11:15 am

CyberResilience

Cyber security is not enough – you need to become cyber resilient

 

The document toolkits – created by experienced cyber security and business continuity professionals – provide you with all the document templates you’ll need to achieve compliance, whilst the supporting guidance will make sure you find the fastest route to completing your project.

Whether you know it or not, your organization is under cyber attack. Sooner or later, a hacker or cyber criminal will get through, so you need to ensure that you have the systems in place to resist such breaches and minimize the damage caused to your organization’s infrastructure, and reputation.

You need to develop a system that is cyber resilient – combining the best practice from the international cyber security and business continuity standards ISO22301 and ISO27001.

This specially-priced bundle of eBooks and documentation toolkits gives you all the tools you need to develop a cyber-resilient system that will both fend off cyber attacks, and minimize the damage of any that get through your cyber defenses.

The books in this suite will provide you with the knowledge to plan and start your project, identify your organization’s own requirements and help you to apply these international standards.

The document toolkits – created by experienced cyber security and business continuity professionals – provide you with all the document templates you’ll need to achieve compliance, whilst the supporting guidance will make sure you find the fastest route to completing your project.

Download your copy today

This suite includes:

Tags: business continuity, Computer security, Cyber Resilience, cyberwarfare, ISO/IEC 27001


Nov 06 2012

New Tools for IT and Security professionals

Category: BCP,Information SecurityDISC @ 11:40 am

IT Governance continually striving to create, source and deliver products that can help IT and Information Security professionals in the real world. Check out their latest on Business Continuity, ITIL & ITSM and Information Security products below to help you in your current and future projects. This is a perfect time of the year to start adding some of these tools in your wish list and stay abreast in your area of expertise.

ISO22301 BCMS Implementation Toolkit
New release

 

ITIL Lite: A Road Map to Full or Partial ITIL Implementation – ITIL 2011 Edition
New release

 

ITIL Foundation Essentials: The exam facts you need
Published on 6th November

 

Resilient Thinking: Protecting Organisations in the 21st Century
Published on 8th November

 

ISO19770 SAM Process Guidance: A kick-start to your SAM programme
Published 13th November

 
 

Tags: Business, business continuity, Information Security, Information Technology, Information Technology Infrastructure Library, it service management, SAM, Software asset management


Sep 10 2009

Way beyond the edge and de-perimeterization

Category: Cloud computing,Information SecurityDISC @ 2:59 pm

Wie eine Firewall arbeitet / how a firewall works
Image by pittigliani2005 via Flickr

De-perimeterization term has been around almost for a decade and finally industry is taking it seriously because of virtualization and cloud computing popularity. Is it time for businesses to emabrace de-perimeterization?

De-perimeterization is a double edge sword for industry which creates scalable options for operation and huge challenges for safeguarding the assets beyond the edge. One of the major advantages for de-perimeterization is that user can access corporate information over the internet; in this situation user can access corporate data from any where, it’s hard to draw the line where the edge begins and where it ends. All you basically need a functional laptop with internet connection. On the other hand, de- perimeterization poses a great challenge due to possibility of viruses, spywares and worms spreading in your internal protected infrastructure.

In de-perimeterized environment, security attributes shall follow the data, wherever the data may go or reside.

In security architecture where firewall was considered a very effective perimeter defense has been weakens by virtualization and cloud computing. In early days of firewall defense, organization only needed to open few necessary protocols and ports to do business. Internet accessible systems were located on the DMZ and the communication was initiated from the corporate to internet. Now there are whole slew of protocols and ports which needs to be open to communicate with application in the cloud. As corporate application move out of the organization network into the cloud, the effectiveness of firewall diminished.

Defense in depth is required for additional protection of data because as new threats emerge, the firewall cannot be used as an only layer of security. The key to the security of de-perimeterization is to push security at each layer of infrastructure including application and data. Data is protected at every layer to ensure the confidentiality, integrity and availability (CIA). Various techniques can be utilized for safeguarding data including data level authentication. The idea of data level authentication is that data is encrypted with specific privileges, when the data move, those privileges are moved with the data.

layered-defense

Endpoint security is relevant in today’s business environment especially for laptop and mobile devices. Agents on laptops and mobile devices utilized pull/push techniques to enforce relevant security policies. Different policies are applied depending on the location of the laptop. Where security policy will ensure which resources are available and what data need to be encrypted depending on the location of the device.

When corporate application and important data reside in the cloud, SLA should be written to protect the availability of the application and confidentiality of the data. Organizations should do their own business continuity planning so they are not totally dependent on the cloud service provider. For example backup your important data or utilize remote backup services where all data stored is encrypted.


Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance


Download a free guide for following cloud computing applications

Hosted email solution
Hosted email archiving
Hosted web monitoring
Hosted online backup


Reblog this post [with Zemanta]

Tags: business continuity, Cloud computing, cloud computing article, cloud computing concerns, cloud computing email, cloud computing hosting, cloud computing information, cloud computing security, cloud computing services, cloud security, cloud services, de-perimeterizations, DMZ, iso assessment