Sep 01 2022

IMPLEMENT ISO 27001 AND ISO 22301 EFFORTLESSLY

Category: CISO,ISO 27k,vCISODISC @ 12:30 pm
Advisera Conformio presentation

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Follow DISC #InfoSec blog

Ask DISC an InfoSec & compliance related question

Tags: ISO 22301, iso 27001


May 11 2022

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

Category: BCPDISC @ 8:37 am

If you were in the US this time last year, you won’t have forgotten, and you may even have been affected by, the ransomware attack on fuel-pumping company Colonial Pipeline.

The organisation was hit by ransomware injected into its network by so-called affiliates of a cybercrime crew known as DarkSide.

DarkSide is an example of what’s known as RaaS, short for ransomware-as-a-service, where a small core team of criminals create the malware and handle any extortion payments from victims, but don’t perform the actual network attacks where the malware gets unleashed.

Teams of “affiliates” (field technicians, you might say), sign up to carry out the attacks, usually in return for the lion’s share of any blackmail money extracted from victims.

The core criminals lurk less visibly in the background, running what is effectively a franchise operation in which they typically pocket 30% (or so they say) of every payment, almost as though they looked to legitimate online services such as Apple’s iTunes or Google Play for a percentage that the market was familiar with.

The front-line attack teams typically:

  • Perform reconnaissance to find targets they think they can breach.
  • Break in to selected companies with vulnerabilities they know how to exploit.
  • Wrangle their way to administrative powers so they are level with the official sysadmins.
  • Map out the network to find every desktop and server system they can.
  • Locate and often neutralise existing backups.
  • Exfiltrate confidential corporate data for extra blackmail leverage.
  • Open up network backdoors so they can sneak back quickly if they’re spotted this time.
  • Gently probe existing malware defences looking for weak or unprotected spots.
  • Turn off or reduce security settings that are getting in their way.
  • Pick a particularly troublesome time of day or night…

…and then they automatically unleash the ransomware code they were supplied with by the core gang members, sometimes scrambling all (or almost all) computers on the network within just a few minutes.

The Disaster Recovery Handbook: A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets 

Business Continuity Planning & Disaster Recovery (ISO 22301)

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: BCP, Disaster Recovery Handbook, DR, ISO 22301


Nov 04 2016

Cyber security is not enough

Category: cyber securityDISC @ 1:11 pm

CyberresilienceSuite

Cyber security is not enough – you need to become cyber resilient

 

Cyber Resilience Implementation Suite

It’s no longer sufficient to suppose that you can defend against any potential attack; you must accept that an attack will inevitably succeed. An organisation’s resilience in identifying and responding to security breaches will become a critical survival trait in the future. The Cyber Resilience Implementation Suite has been designed to help organisations create an integrated management system that will help defend against cyber threats and minimise the damage of any successful attack. This suite of products will help you to deploy the cyber security Standard
ISO27001 and the business continuity Standard
ISO22301 to create an integrated cyber resilience management system. The books in this suite will provide you with the knowledge to plan and start your project, identify your organisation’s own requirements and apply these international standards. Management systems can require hundreds of documents and policies. Created by experienced cyber security and business continuity professionals, the toolkits in the Cyber Resilience Implementation Suite provide documentation templates to save you weeks of researching and writing and the supporting guidance to ensure you’re applying the necessary polices for your business. Administration and updating of the documentation is made easy with the toolkits’ integrated dashboard, easy customization of templates and one-click formatting.

Cyber Resilience Implementation Suite

 


Contents

This suite includes:

Start building cyber resilience into your organisation today.





Tags: Cyber Resilience, ISO 22301, iso 27001, iso 27002


Apr 27 2016

Why you should care about ISO 22301?

Category: BCPDISC @ 9:48 pm

bcms

Business Continuity is the term now given to mean the strategies and planning by which an organization prepares to respond to catastrophic events such as fires, floods, cyber-attacks, or more common human errors and accidents

Business Continuity Management System (BCMS) puts such a program in the context of an ISO Management Systems, and ISO 22301:2012 sets a certifiable standard for a BCMS. It is the first and most recognized international standard for business continuity.

Several other standards, particularly BS 25999 have had wide international acceptance, however, they are now largely supplanted by ISO 22301.
The obvious benefits to an organization having a robust, mature business continuity program have been outlined in this Newsletter previously (April, 2015). They center on being able to respond to disruptions so an organization stays in business and meets its obligations and commitments to all stakeholders.
However, there are additional ways that an organization can benefit from adhering to a business continuity standard, particularly ISO 22301. These benefits can accrue from obtaining certification to the Standard, and also from formally aligning to the Standard without actual certification.
For more on additional benefits: So, why should you care about 22301?

Steps in ISO 22301 implementation are the following:
1. Obtain management support
2. Identify all applicable requirements
3. Develop top-level Business Continuity Policy and objectives
4. Write documents that support the management system
5. Perform risk assessment and treatment
6. Perform business impact analysis
7. Develop business continuity strategy
8. Write the business continuity plan(s)
9. Implement training and awareness programs
10. Maintain the documentation
11. Perform exercising and testing
12. Perform post-incident reviews
13. Communicate continuously with the interested parties
14. Measure and evaluate the BCMS
15. Perform internal audit
16. Implement all the necessary corrective and preventive actions, and
17. Perform the management review





Tags: BCMS, ISO 22301