Blog Posts Tagged with "ISO 27001"
October 17, 2013 Added by:Rohit Sethi
Addressing security requirements while building software is substantially faster than fixing security vulnerabilities later, and since so many organizations end up mandating fixing security defects, preventing those defects up-front yields faster time-to-market.
May 10, 2012 Added by:Mark Gardner
The crux of the matter is why people bemoan compliance: To comply in this case requires no external verification, and in order to meet compliance you may avoid some as they're too hard to do or do not go deep enough, but still have the ability to turn and say that "we are compliant"...
February 15, 2012 Added by:John Verry
No matter the industry or service offering, organizations processing data on behalf of clients are experiencing the pain of proving they are secure and compliant with client standards and the myriad of regulations which their clients are obligated. ISO-27001 spells relief...
January 23, 2012 Added by:John Verry
HITRUST provides a prescriptive set of controls that are mapped and referenced to standards and regulations relevant to healthcare. The idea is to simplify the process of becoming largely compliant with relevant laws and regulations and mitigating most risks...
December 12, 2011 Added by:Andrew Weidenhamer
The one that I am most interested in seeing is the results of is the Risk Assessment SIG. Although IT Risk Assessments has been a term that has been used for decades now, they are still rarely performed and almost always poorly when they are in regard to effectively considering threats...
November 27, 2011 Added by:Dejan Kosutic
This most important link between ISO 27001 and ISO 27002 – identical structure of ISO 27001 Annex A and ISO 27002 controls – will most likely still be included in new revisions of both standards. However, the way it is structured and the individual controls will most probably change...
November 17, 2011 Added by:Andrew Weidenhamer
The problem with using a risk based approach is the manner in which risk is defined and accepted. As long as there is a good Risk Assessment methodology in place and further good reasons and justifications to deal with risk, then using a risk based approach is perfectly acceptable...
September 30, 2011 Added by:Ken Stasiak
With Enterprise Risk Management (ERM) comes a comprehensive risk assessment equation and process. Defining one process that can be used and incorporated into the entire organization will allow for conformity, efficiency, and effective alignment between departments...
September 26, 2011 Added by:Dejan Kosutic
In Stage 1 audit (called Documentation review) the certification auditor checks whether your documentation is compliant with ISO 27001; in Stage 2 audit (also called Main audit) the auditor checks whether all your activities are compliant with both ISO 27001 and your documentation...
July 06, 2011 Added by:Dejan Kosutic
Insider threats will remain the biggest risk to the security of information - the complexity of systems and amount of data will only increase this threat in time. And the best way to deal with them is to prevent them - once they happen, you can only hope they won't go too far...
June 06, 2011 Added by:Dejan Kosutic
Although the risks related to cloud computing are high, it doesn't mean they cannot be mitigated. Therefore, use your common sense when choosing your cloud computing provider - if you don't trust your provider fully, then don't entrust them with your sensitive information...
June 02, 2011 Added by:Danny Lieberman
Many times we feel secure but are not, or don’t feel secure when we really are. A company may feel secure behind a well-maintained firewall but if employees are bringing smart phones and flash drives to work, this is an attack vector which may result in a high level of risk...
May 23, 2011 Added by:Dejan Kosutic
One of the often misunderstood aspects of information security is that most of the problems (i.e. incidents) happen not because of technology, but because of human behavior. Most of the investments needed will be in defining new policies & procedures and in training & awareness programs...
May 10, 2011 Added by:Dejan Kosutic
ISO 27001 certification guarantees that the company complies with the standard and with its own security rules; it guarantees that the company has taken all the relevant security risks into account and that it has undertaken a comprehensive approach to resolve major risks...
April 27, 2011 Added by:Dejan Kosutic
You shouldn't consider the Statement of Applicability as just an "overhead document" that has no use in real life. Written properly, an SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done...
April 17, 2011 Added by:Danny Lieberman
Mitigating the insider threat requires defining whether or not there IS a threat, and if so, finding the right security countermeasures to mitigate the risk. One wonders whether or not RSA eats their own dog food, and had deployed a data loss prevention system. Apparently not...
Nortel: From Bankruptcy to Industrial Espion... Eddie colin on 07-23-2014
Don’t Let Your Guard Down: Tragedies Pave ... lafseo wify on 07-22-2014
Don’t Let Your Guard Down: Tragedies Pave ... shahbaz ocpfsd1 on 07-19-2014