Separation of Duties (SoD) is not only an important principle of security but SoD control A10.1.3 of ISO 27001  wants organizations to implement this control. For separation of duties we don’t want to give any individual so much control that they become a security risk without proper check and balance inplace. SoD is utilized to avoid […]
In ISO 27001 Annex A control 10.1.1 makes it a requirement to identify all necessary operating procedures at policy level and then document these operating procedure based on the current environment. All of these operating procedures should be under strict document control meaning these procedures should be reviewed and updated at regular intervals based on […]
Physical Security Titles Control 9.1.3 of annex A requires organizations to secure perimeter to protect offices and facilities to protect information n and physical assets which have been classified as critical or within the scope of ISO 27001. It is not just protection of computer room or telecomm room HR might need secured cabinet area […]
 Pre-Employment Background Investigations for Public Safety Professionals One of the most popular misconceptions about ISO27001 is that this standard may only deal with IT related information security controls. The truth is ISO27001 covers information security controls for several different business functions of an organization including human resources. Section 8 of ISO27001 specification in annex […]
Section 13 of Annex A handle information security incident management. One of the important thing to know about this section is the difference between an event and an incident. Information Securty Event: is an occurance of a system, service or netwrok state indicating a possible breach of information security policy or failure of safeguards. Informtaion […]
Image by purpleslog via FlickrIn 2010 there will be two important compliance laws introduced which will affect the majority of North American organizations and many global organization too. 45 US States followed California when they introduced “SB1386“, the Security Breach Information Act, which has specific and restrictive privacy breach reporting requirements. From the 1st January […]
Usually security breach occurs due to lack of basic security controls or lack of effective control which is not relevant over the time. Security controls also disintegrate over the time due to lack of maintenance and monitoring. According to Privacy Rights Clearinghouse survey, the top three breaches resulted from laptop theft, software or human error, […]
To become a successful business in today’s market, optimized information security controls may be the panacea for unmet security needs. One way to achieve optimized information security control is to perform ISO assessment and assess the organization security posture based on ISO 27002 code of practice and map each control with Capability Maturity Model Integration (CMMI) […]
Image via Wikipedia In the past when senior management (execs) needed to understand the financial implication of cyber threats and their exposures, they turned their questionnaires toward IT for relevant answers. In other words IT risk assessment was the answer in the past to understand the financial implications of cyber threats. The IT risk assessment […]
Open networks are heterogeneous environment where users like to use all the applications and systems at any given time. In a heterogeneous environment, each department run different hardware and software, but you can control the protocols which will work on this environment. Universities are famous for open network. Most Universities network is comprised of a […]
Security review is performed to identify and analyze risks and weaknesses in the current security posture of an organization. An ISO assessment is performed utilizing international standard ISO 27002 and company security policy, the purpose of the review is to evaluate the information security posture of an organization based on international standard. The level of […]
