Blog Posts Tagged with "ISO 27001"
The Great Compliance Conundrum
May 10, 2012 Added by: Mark Gardner
The crux of the matter is why people bemoan compliance: To comply in this case requires no external verification, and in order to meet compliance you may avoid some as they're too hard to do or do not go deep enough, but still have the ability to turn and say that "we are compliant"...
Comments (0)
Information Security Relief is Spelled ISO-27001
February 15, 2012 Added by: John Verry
No matter the industry or service offering, organizations processing data on behalf of clients are experiencing the pain of proving they are secure and compliant with client standards and the myriad of regulations with which their clients are obligated to comply. ISO-27001 spells relief...
Comments (0)
ISO 27001 and HITRUST for Healthcare Organizations
January 23, 2012 Added by: John Verry
HITRUST provides a prescriptive set of controls that are mapped and referenced to standards and regulations relevant to healthcare. The idea is to simplify the process of becoming largely compliant with relevant laws and regulations and mitigating most risks...
Comments (0)
PCI DSS Risk SIG Announced: Results Will Be Interesting
December 12, 2011 Added by: Andrew Weidenhamer
The one that I am most interested in seeing the results of is the Risk Assessment SIG. Although IT Risk Assessments has been a term that has been used for decades now, they are still rarely performed and almost always poorly when they are in regard to effectively considering threats...
Comments (0)
ISO 27002 – What Will the Next Revision Bring?
November 27, 2011 Added by: Dejan Kosutic
This most important link between ISO 27001 and ISO 27002 – identical structure of ISO 27001 Annex A and ISO 27002 controls – will most likely still be included in new revisions of both standards. However, the way it is structured and the individual controls will most probably change...
Comments (0)
Security Scribbling: ISO 27001 vs. PCI Misunderstanding
November 17, 2011 Added by: Andrew Weidenhamer
The problem with using a risk based approach is the manner in which risk is defined and accepted. As long as there is a good Risk Assessment methodology in place and further good reasons and justifications to deal with risk, then using a risk based approach is perfectly acceptable...
Comments (0)
Security Trends: Which to Avoid and Which to Embrace
September 30, 2011 Added by: Ken Stasiak
With Enterprise Risk Management (ERM) comes a comprehensive risk assessment equation and process. Defining one process that can be used and incorporated into the entire organization will allow for conformity, efficiency, and effective alignment between departments...
Comments (0)
How to Prepare for the ISO 27001 Certification Audit
September 26, 2011 Added by: Dejan Kosutic
In Stage 1 audit (called Documentation review) the certification auditor checks whether your documentation is compliant with ISO 27001; in Stage 2 audit (also called Main audit) the auditor checks whether all your activities are compliant with both ISO 27001 and your documentation...
Comments (0)
How to Deal With Insider Threats
July 06, 2011 Added by: Dejan Kosutic
Insider threats will remain the biggest risk to the security of information - the complexity of systems and amount of data will only increase this threat in time. And the best way to deal with them is to prevent them - once they happen, you can only hope they won't go too far...
Comments (3)
Cloud Computing and ISO 27001 / BS 25999
June 06, 2011 Added by: Dejan Kosutic
Although the risks related to cloud computing are high, it doesn't mean they cannot be mitigated. Therefore, use your common sense when choosing your cloud computing provider - if you don't trust your provider fully, then don't entrust them with your sensitive information...
Comments (0)
The Importance of Data Collection in Risk Assessments
June 02, 2011 Added by: Danny Lieberman
Many times we feel secure but are not, or don’t feel secure when we really are. A company may feel secure behind a well-maintained firewall but if employees are bringing smart phones and flash drives to work, this is an attack vector which may result in a high level of risk...
Comments (0)
Management’s View of Information Security
May 23, 2011 Added by: Dejan Kosutic
One of the often misunderstood aspects of information security is that most of the problems (i.e. incidents) happen not because of technology, but because of human behavior. Most of the investments needed will be in defining new policies & procedures and in training & awareness programs...
Comments (0)
Does ISO 27001 Mean That Information is 100% Secure?
May 10, 2011 Added by: Dejan Kosutic
ISO 27001 certification guarantees that the company complies with the standard and with its own security rules; it guarantees that the company has taken all the relevant security risks into account and that it has undertaken a comprehensive approach to resolve major risks...
Comments (1)
The Importance of a Statement of Applicability for ISO 27001
April 27, 2011 Added by: Dejan Kosutic
You shouldn't consider the Statement of Applicability as just an "overhead document" that has no use in real life. Written properly, an SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done...
Comments (0)
Defining the Insider Threat
April 17, 2011 Added by: Danny Lieberman
Mitigating the insider threat requires defining whether or not there IS a threat, and if so, finding the right security countermeasures to mitigate the risk. One wonders whether or not RSA eats their own dog food, and had deployed a data loss prevention system. Apparently not...
Comments (8)
Ten Guidelines for Effective Security Audits
March 29, 2011 Added by: Danny Lieberman
The security auditor expectation gap has sometimes been depicted as an issue to be addressed by educating users to the audit process. This is not unlike the notion that security awareness programs are effective data security countermeasures for employees that willfully steal data...
Comments (0)