Anyone with an interest in information security will have encountered ISO 27001, the international standard that describes best practice for an ISMS (information security management system). However, you might not be as familiar with ISO 27002. It’s a supplementary standard that provides advice on how to implement the security controls listed in Annex A of ISO 27001. Although ISO […]

ISO/IEC 27701 is the international standard that serves as an extension to an ISO 27001/ ISO 27002 #ISMS (information security management system). It provides guidelines for implementing, maintaining, and continually improving a #PIMS (privacy information management system). Develop a privacy information management system as an extension to your ISO 27001-conformant ISMS with ISO/IEC 27701. Supports […]

With the number of ISO 27001 certifications rising fast in the US, organizations will be looking to implement an ISO 27001-compliant information security management system (ISMS) quickly, before any of their competitors. However, the hardest part of achieving ISO 27001 certification is providing the documentation for the ISMS. Often – particularly in more complex and […]

Cyber security is not enough – you need to become cyber resilient   Cyber Resilience Implementation Suite It’s no longer sufficient to suppose that you can defend against any potential attack; you must accept that an attack will inevitably succeed. An organisation’s resilience in identifying and responding to security breaches will become a critical survival […]

RESILIA™ Cyber Resilience Best Practices AXELOS’s new guide RESILIA™ Cyber Resilience Best Practices provides a methodology for detecting and recovering from cyber security incidents using the ITIL lifecycle RESILIA™ Cyber Resilience Best Practices Best guide on Cyber Resilience on the web – Cyber Resilience Best Practices is part of the AXELOS RESILIA™ portfolio. RESILIA™ Cyber Resilience […]

ISO 27001 As A Business Tool More than ever, information security is a key part of a business’ overall plan and objective set. ISO 27001 can help businesses bring their information security practices together and develop a strategy to raise awareness and vigilance throughout the business. With ISO 27001, all of a business’ information security […]

IT Governance Ltd, the global provider of cyber security management solutions, has announced a value-add offer in March. Organisations that buy the No3 ISO27001 Comprehensive Toolkit before the end of March will receive the Cybersecurity Self Assessment Tool free, making double savings on resource and time. The No3 ISO27001 Comprehensive Toolkit contains highly practical books, […]

BSI and Rotterdam school of management, Erasmus university conducted a research study about ISO/IEC 27001 Information technology. Security techniques. BSI interviewed Henk de Vries who is one of the experts behind the study. ISO27001 (ISO 27001) ISMS Requirements (Download now) ISO27002 (ISO 27002) Code of Practice for ISM (Download now) To Download a copy of […]

It is one of an important decision for your organization when you have to decide between ISO 27001 certification and ISO 27002 compliance. When continuous compliance with the standards may save you money in short run but ISO 27001(ISMS) certification outweighs benefits in long run. ISO compliance is a commitment for an organization when it […]

Three years ago, California state IT council adopted the information security program guide which help organizations to comply with SB 1386. The council advised the use of information security standard ISO 27002 framework to comply and meet the needs of SB 1386. This legislation deals with the security of personal information and is applicable to […]

Image by Adam Melancon via Flickr The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. A good RAF organizes and presents information in a way that […]

Information Technology Control and Audit The audit is utilized as a tool to check compliance control based on standards such as ISO 27002 or NIST 800-53 etc. Some other terms which are not sometime rigorous audit have been used to asses controls are gap analysis, benchmarking and control review. Scoping sets the boundaries of the […]

Information Security Risk Analysis In risk management, risk treatment process begins after completion of a comprehensive risk assessment. Once risks have been assessed, risk manager utilize the following techniques to manage the risks • Avoidance (eliminate) • Reduction (mitigate) • Transfer (outsource or insure) • Retention (accept and budget) Now the question is how to […]

Image via Wikipedia FISMA Certification & Accreditation Handbook The organizations need to establish security program to manage their day to day risks. Before selecting the controls from standards such as (NIST 800-53 or ISO 27002), organizations need to have complete inventory of the assets involved in the scope. Assets involved in the scope would require […]

Image via WikipediaAccording to SF Chronicle article by Deborah Gage (May 8, 2009, c2) consumer reports magazine’s annual “State of the Net” survey finds that cybercrimes has held steady since 2004, with one out of five consumers becoming victims in last two years at a cost to economy of $8 billion. Consumer report can be […]

Web 2.0 is major force and has numerous business benefits but it is posing companies to potential new risks. Social networking sites, such as Facebook, LinkedIn and Twitter, have become the preferred method of communication for a whole generation of people and the ability to post “Status Updates” is fast becoming the new Email. Linkedin […]

Image by moonhouse via Flickr“By slipping a simple, three-sentence provision into the gargantuan spending bill passed by the House of Representatives last week, a congressman from Silicon Valley is trying to nudge Congress into the 21st Century. Rep. Mike Honda (D-Calif.) placed a measure in the bill directing Congress and its affiliated organs — including […]

According to BBC news article by Maggie Shiels (Feb 11, 2009) the world’s biggest software maker has warned companies to expect an increase in “insider” security attacks by disgruntled, laid-off workers. Microsoft said so-called “malicious insider” breaches were on the rise and would worsen in the present downturn. Below are the high points: • With […]

In April 20007, California state IT council adopted the information security program guide which help organizations to comply with SB 1386. The council advised the use of information security standard ISO 27002 framework to comply and meet the needs of SB 1386. [Table = 13] Which businesses are affected by SB 1386 law? o If […]

To become a successful business in today’s market, optimized information security controls may be the panacea for unmet security needs. One way to achieve optimized information security control is to perform ISO assessment and assess the organization security posture based on ISO 27002 code of practice and map each control with Capability Maturity Model Integration (CMMI) […]