Blog Posts Tagged with "ISO 27001"

219bfe49c4e7e1a3760f307bfecb9954

Can Software Security Requirements Yield Faster Time to Market?

October 17, 2013 Added by:Rohit Sethi

Addressing security requirements while building software is substantially faster than fixing security vulnerabilities later, and since so many organizations end up mandating fixing security defects, preventing those defects up-front yields faster time-to-market.

Comments  (0)

1f2f664e68a603b3c54890fbbcd37857

The Great Compliance Conundrum

May 10, 2012 Added by:Mark Gardner

The crux of the matter is why people bemoan compliance: To comply in this case requires no external verification, and in order to meet compliance you may avoid some as they're too hard to do or do not go deep enough, but still have the ability to turn and say that "we are compliant"...

Comments  (0)

7477d0986a135e5e948d70e9995a609c

Information Security Relief is Spelled ISO-27001

February 15, 2012 Added by:John Verry

No matter the industry or service offering, organizations processing data on behalf of clients are experiencing the pain of proving they are secure and compliant with client standards and the myriad of regulations which their clients are obligated. ISO-27001 spells relief...

Comments  (0)

7477d0986a135e5e948d70e9995a609c

ISO 27001 and HITRUST for Healthcare Organizations

January 23, 2012 Added by:John Verry

HITRUST provides a prescriptive set of controls that are mapped and referenced to standards and regulations relevant to healthcare. The idea is to simplify the process of becoming largely compliant with relevant laws and regulations and mitigating most risks...

Comments  (0)

Ad5130e786d13531cc0f2cde32dacd0f

PCI DSS Risk SIG Announced: Results Will Be Interesting

December 12, 2011 Added by:Andrew Weidenhamer

The one that I am most interested in seeing is the results of is the Risk Assessment SIG. Although IT Risk Assessments has been a term that has been used for decades now, they are still rarely performed and almost always poorly when they are in regard to effectively considering threats...

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

ISO 27002 – What Will the Next Revision Bring?

November 27, 2011 Added by:Dejan Kosutic

This most important link between ISO 27001 and ISO 27002 – identical structure of ISO 27001 Annex A and ISO 27002 controls – will most likely still be included in new revisions of both standards. However, the way it is structured and the individual controls will most probably change...

Comments  (0)

Ad5130e786d13531cc0f2cde32dacd0f

Security Scribbling: ISO 27001 vs. PCI Misunderstanding

November 17, 2011 Added by:Andrew Weidenhamer

The problem with using a risk based approach is the manner in which risk is defined and accepted. As long as there is a good Risk Assessment methodology in place and further good reasons and justifications to deal with risk, then using a risk based approach is perfectly acceptable...

Comments  (0)

15058930cc374dcfa98c0342a08be0b2

Security Trends: Which to Avoid and Which to Embrace

September 30, 2011 Added by:Ken Stasiak

With Enterprise Risk Management (ERM) comes a comprehensive risk assessment equation and process. Defining one process that can be used and incorporated into the entire organization will allow for conformity, efficiency, and effective alignment between departments...

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

How to Prepare for the ISO 27001 Certification Audit

September 26, 2011 Added by:Dejan Kosutic

In Stage 1 audit (called Documentation review) the certification auditor checks whether your documentation is compliant with ISO 27001; in Stage 2 audit (also called Main audit) the auditor checks whether all your activities are compliant with both ISO 27001 and your documentation...

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

How to Deal With Insider Threats

July 06, 2011 Added by:Dejan Kosutic

Insider threats will remain the biggest risk to the security of information - the complexity of systems and amount of data will only increase this threat in time. And the best way to deal with them is to prevent them - once they happen, you can only hope they won't go too far...

Comments  (3)

9259e8d30306ac2ef4c5dd1936e67634

Cloud Computing and ISO 27001 / BS 25999

June 06, 2011 Added by:Dejan Kosutic

Although the risks related to cloud computing are high, it doesn't mean they cannot be mitigated. Therefore, use your common sense when choosing your cloud computing provider - if you don't trust your provider fully, then don't entrust them with your sensitive information...

Comments  (0)

959779642e6e758563e80b5d83150a9f

The Importance of Data Collection in Risk Assessments

June 02, 2011 Added by:Danny Lieberman

Many times we feel secure but are not, or don’t feel secure when we really are. A company may feel secure behind a well-maintained firewall but if employees are bringing smart phones and flash drives to work, this is an attack vector which may result in a high level of risk...

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

Management’s View of Information Security

May 23, 2011 Added by:Dejan Kosutic

One of the often misunderstood aspects of information security is that most of the problems (i.e. incidents) happen not because of technology, but because of human behavior. Most of the investments needed will be in defining new policies & procedures and in training & awareness programs...

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

Does ISO 27001 Mean That Information is 100% Secure?

May 10, 2011 Added by:Dejan Kosutic

ISO 27001 certification guarantees that the company complies with the standard and with its own security rules; it guarantees that the company has taken all the relevant security risks into account and that it has undertaken a comprehensive approach to resolve major risks...

Comments  (1)

9259e8d30306ac2ef4c5dd1936e67634

The Importance of a Statement of Applicability for ISO 27001

April 27, 2011 Added by:Dejan Kosutic

You shouldn't consider the Statement of Applicability as just an "overhead document" that has no use in real life. Written properly, an SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Defining the Insider Threat

April 17, 2011 Added by:Danny Lieberman

Mitigating the insider threat requires defining whether or not there IS a threat, and if so, finding the right security countermeasures to mitigate the risk. One wonders whether or not RSA eats their own dog food, and had deployed a data loss prevention system. Apparently not...

Comments  (8)

Page « < 1 - 2 - 3 - 4 > »