Posts Tagged ‘iso 27001’

Meet Stringent California Information Security Legislation with Comprehensive Toolkit

Three years ago, California state IT council adopted the information security program guide which help organizations to comply with SB 1386. The council advised the use of information security standard ISO 27002 framework to comply and meet the needs of SB 1386. This legislation deals with the security of personal information and is applicable to […]

Comments (6)

Long Awaited ISO/IEC 27003:2010

The long awaited international standard to the implementation of an information security management system, ISO/IEC 27003:2010, is now available. It’s a must have – To Download a copy of ISO27003 – Implementation Guidance Key Features and Benefits: The first standard to offer comprehensive guidance on implementing an ISO/IEC 27001:2005 ISMS. Using this standard during an […]

Comments (1)

What is a risk assessment framework

Image by Adam Melancon via Flickr The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. A good RAF organizes and presents information in a way that […]

Leave a Comment

2010 Compliance Laws

Image by purpleslog via FlickrIn 2010 there will be two important compliance laws introduced which will affect the majority of North American organizations and many global organization too. 45 US States followed California when they introduced “SB1386“, the Security Breach Information Act, which has specific and restrictive privacy breach reporting requirements. From the 1st January […]

Comments (4)

Managing Risks and NIST 800-53

Image via Wikipedia FISMA Certification & Accreditation Handbook The organizations need to establish security program to manage their day to day risks. Before selecting the controls from standards such as (NIST 800-53 or ISO 27002), organizations need to have complete inventory of the assets involved in the scope. Assets involved in the scope would require […]

Comments (3)

Rise of cybercrime and management responsibility

Image via WikipediaAccording to SF Chronicle article by Deborah Gage (May 8, 2009, c2) consumer reports magazine’s annual “State of the Net” survey finds that cybercrimes has held steady since 2004, with one out of five consumers becoming victims in last two years at a cost to economy of $8 billion. Consumer report can be […]

Comments (3)

SB1386 and ISO27002

In April 20007, California state IT council adopted the information security program guide which help organizations to comply with SB 1386. The council advised the use of information security standard ISO 27002 framework to comply and meet the needs of SB 1386. [Table = 13] Which businesses are affected by SB 1386 law? o If […]

Leave a Comment

ISO 27k and CMMI

To become a successful business in today’s market, optimized information security controls may be the panacea for unmet security needs. One way to achieve optimized information security control is to perform ISO assessment and assess the organization security posture based on ISO 27002 code of practice and map each control with Capability Maturity Model Integration (CMMI) […]

Comments (4)

Cyber warfare and possibility of cybergeddon

Cyber warfare poses a serious threat to critical infrastructure of a country. It has been a major challenge for DoD officials, cyber attackers have already stolen tera byte of data from their infrastructure. Most of the security expert and FBI agree that cyber attacks pose biggest threat to US vital infrastructure. “Cybergeddon” our daily economy […]

Comments (1)

Open Network and Security

Open networks are heterogeneous environment where users like to use all the applications and systems at any given time. In a heterogeneous environment, each department run different hardware and software, but you can control the protocols which will work on this environment. Universities are famous for open network. Most Universities network is comprised of a […]

Comments (1)

12 Phishing Threats and Identity Theft

Have you ever thought of losing something and you cannot live without it? Yes, that something can be your identity. Phishing is a practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information. In daily […]

Comments (1)

vsRisk and security risk assessment

Information Security Risk Management for ISO27001 / ISO27002 The State of California has adopted ISO/IEC 27002 as its standard for information security and recommends other organizations and vendors to use this standard as guidance in their efforts to comply with California law. To achieve an ongoing compliance, major organizations require tools to comply with standard […]

Comments (6)

Laptop security and vendor assessment

Another report of a laptop stolen, this one containing reams of sensitive customer information. The laptop was later returned in the same office complex, to a room which was reportedly locked; however, the sensitive data on the laptop was not encrypted. According to a San Francisco Chronicle article by Deborah Gage (Aug 6, 2008, pg. […]

Comments (4)

PCI DSS significance and contractual agreement

The PCI DSS (Payment Card Industry & Data Security Standard) was established by credit card companies to create a unified security standard for handling credit card information.  The retail service industry now understands the strategic significance of PCI DSS compliance, which was demonstrated when TJX announced that their system was compromised for more than 17 […]

Comments (2)