Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Cisco Security

As the complexity of market demand grows, SaaS providers need an efficient way to simplify and streamline efforts to attain security certifications. A strategic compliance and risk management approach is as essential to the success of an organization as its product strategy. Infosec Registered Assessors Program (IRAP December 2020).

First American Financial Pays Farcical $500K Fine

Krebs on Security

Under First American’s documented vulnerability remediation policies, the data leak was classified as a security weakness with a “level 3” severity, which placed it in the “medium risk” category and required remediation within 45 days. “That’s a high-risk vulnerability.

The dreaded Statement of Applicability

Notice Bored

The organisation cannot adopt a generic suite of information security controls simply on the basis that they have been recommended or suggested by someone - not even if they are noted in Annex A. Justification for including a control is its effect on modifying information security risk. Subclause 6.1.3

ISO/IEC 27002 update

Notice Bored

The newly-published third edition of ISO/IEC 27002 is a welcome update to the primary ISO27k controls catalogue (officially, a 'reference set of generic information security controls'). Aside from restructuring and generally updating the controls from the 2013 second edition, the committee (finally!) hopefully.

Security Compliance & Data Privacy Regulations

eSecurity Planet

But those aren’t the only laws or regulations that affect IT security teams. There are plenty of others to worry anyone with job titles that include terms like “compliance,” “privacy,” and “security,” from CSOs on down. See the Top Governance, Risk and Compliance (GRC) Tools. Security, Privacy and Compliance Can Conflict.

NBlog Sept 24 - status of ISO27001 Annex A

Notice Bored

One of the recurrent (zombie) threads on the ISO27k Forum concerns the status of ISO/IEC 27001:2013 Annex A. Typically the zombie is prodded from its slumber by a relatively inexperienced member naively suggesting that certain security controls from Annex A are essential, implying that they are mandatory for certification. Clause 6.1.3

NBlog Aug 26 - ISMS templates

Notice Bored

Systematically checking through ISO/IEC 27001:2013 for all the documentation requirements is an interesting exercise. Some documents are identified explicitly in the standard and are clearly mandatory, while many others are only noted in passing, often in ambiguous terms or merely alluded-to.