Cyber Security Informer

ISO 27001 Implementation Checklist: 10 Tips to Become Certification Ready

Security Boulevard

SEPTEMBER 8, 2023

ISO/IEC 27001 is an information security standard designed and regulated by the International Organization for Standardization, and while it isn’t legally mandated, having the certification is essential for securing contracts with large companies, government organizations, and companies in security-conscious industries.

Government

Government Information Security Cybersecurity

Introduction to ISO 42001 and Its Impact on AI Development

Centraleyes

APRIL 4, 2024

As defined in ISO/IEC 42001, an AI management system is a collection of interconnected or interacting aspects of an organization designed to establish policies, objectives, and methods concerning the responsible creation, provision, or use of AI systems. What is the significance of ISO/IEC 42001? What’s in the ISO 42001?

Artificial Intelligence

Artificial Intelligence Risk Government System Administration

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Cisco Security

MAY 5, 2022

ISO IEC 27001:2013 – Information technology — Security techniques — Information security management systems — Requirements. ISO/IEC 27017:2015 – Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services.

Marketing

Marketing InfoSec Risk Technology

The 5 C’s of Audit Reporting

Centraleyes

MARCH 12, 2024

In cybersecurity, audit management involves assessing the effectiveness of security measures, identifying vulnerabilities, and ensuring compliance with industry standards and regulations. Compliance Audits Ensuring alignment with industry regulations and standards, compliance audits are crucial for businesses operating in regulated sectors.

Risk

Risk Cybersecurity Government Firewall

The dreaded Statement of Applicability

Notice Bored

JUNE 5, 2022

b) and c)) and justification for inclusions, whether they are implemented or not, and the justification for exclusions of controls from Annex A; Point d) is the only reference to the S tatement o f A pplicability in ISO/IEC 27001 :2013 - a very succinct specification for such an important document, hence the reason for this blog piece.

Risk

Risk Information Security Accountability InfoSec

Navigating the complex world of Cybersecurity compliance

CyberSecurity Insiders

MAY 17, 2023

Organizations must also ensure they comply with relevant regulations and industry standards. Failure to comply with these regulations can result in fines, legal action, and damage to reputation. law that regulates the handling of protected health information (PHI).

Cybersecurity

Cybersecurity Risk Insurance Firewall

The Ultimate Guide to Excelling in Your External Audit: 5 Proven Strategies

Centraleyes

APRIL 25, 2024

Unbiased Evaluation External auditors provide an unbiased evaluation of security controls, compliance with regulations, and overall security posture. Regulatory Compliance Assurance: External audits ensure compliance with industry regulations and standards, reducing the risk of legal repercussions due to non-compliance.

Risk

Risk Accountability Technology Software

Half-a-dozen learning points from a '27001 certification announcement

Notice Bored

JULY 25, 2022

with "ISO 27001" (ISO/IEC 27001!). The promo contrasts SOC2 against '27001 certification, explaining why they chose ‘27001 to gain some specific advantages such as GDPR compliance - and fair enough. The eventual marketing/promotional value of ‘27001 certification is worth thinking-through.

Marketing

Marketing Government Risk Advertising

Cloud Compliance Frameworks: Ensuring Data Security and Regulatory Adherence in the Digital Age

Centraleyes

MARCH 11, 2024

The decision to implement a specific cloud computing compliance framework depends on various factors, including the organization’s specific security requirements, industry regulations, and the nature of the data being processed or stored in the cloud. Risk Management: ISO/IEC 27001 emphasizes a systematic approach to risk management.

Architecture

Architecture Government Encryption Risk

How customers can improve product security (just ask)

SC Magazine

JUNE 25, 2021

Of course, some organizations consider some kind of security when procuring software, such as looking for ISO/IEC 27001 certification. Regulators and standards bodies in many jurisdiction and industries have created hundreds of other cybersecurity laws and standards. Will vendors be left behind?

Software

Software Retail Cybersecurity IoT

The nine controls ISO/IEC 27002 missed

Notice Bored

MARCH 14, 2022

ISO 22301 is an excellent reference here, enabling organisations to identify, rationally evaluate and sensibly treat both high probability x low impact and low probability x high impact information risks (the orange zone on probability impact graphics), not just the obvious double-highs (the reds and flashing crimsons!).

Risk

Risk Information Security Surveillance Architecture

NBlog July 11 - the small but perfectly formed ISMS

Notice Bored

JULY 10, 2020

Consulting for small organisations lately to design and implement their ISO/IEC 27001 Information Security Management Systems, resourcing constraints often come to light, particularly the lack of information security expertise and knowledge in-house. It reduces trust and devalues brands. All in all, it’s a risky approach.

Risk

Risk Small Business Information Security InfoSec

Why smart buildings need clever cybersecurity

BH Consulting

MARCH 3, 2022

Smart technologies that manage and self-regulate the built environment and its operations help businesses to enhance occupants’ convenience, reduce costs, and drive sustainability. As we’ll explore in this blog, it’s essential that cybersecurity isn’t just a coat of paint on top but is part of the design and embedded into the foundations.

Cybersecurity

Cybersecurity Technology Digital transformation IoT

7 Best Attack Surface Management Software for 2024

eSecurity Planet

DECEMBER 20, 2023

per year Tenable Tenable One, an exposure management platform Identifies assets using DNS records, IP addresses, and ASN, and provides over 180 metadata fields Tenable Attack Surface Management, Add-on for Splunk ISO/IEC 27001/27002 $5,290 – $15,076.50

Software

Software Risk Architecture Internet

Topic-specific policy 4/11: information transfer

Notice Bored

OCTOBER 14, 2021

Here's one possible approach, the guts of a donor policy provided for your education, consideration, inspiration and perhaps adaptation: Background We have numerous commercial relationships with third parties such as suppliers, partners, customers, regulators/authorities and the general public.

Information Security

Information Security Risk Media Encryption

Weaving strategies with policies

Notice Bored

NOVEMBER 26, 2021

business partners, suppliers, customers, prospects and regulators? There's a substantial range of possibilities with strategic, tactical and operational elements and, for sure, business implications. Wider still, what about our (global!) How can we help and support each other?

Risk

Risk Artificial Intelligence Technology InfoSec

“Accountability framework” proposed to promote secure health care practices

SC Magazine

MARCH 11, 2021

“An accountability framework has potential, but there are areas that need to be thoroughly considered, such as: What happens when there isn’t someone available – like a government agency, regulator or appropriate coordinating body – to hold a stakeholder accountable?”

Accountability

Accountability Healthcare Government CISO

Why become certified to ISO 27001?

BH Consulting

SEPTEMBER 2, 2021

One way to do this is to become certified to the ISO 27001 information security standard. ISO 27001 is a globally accepted independent standard that provides external validation for an organisation’s information security. Why become certified to ISO 27001? How does the ISO 27001 certification process work?

Risk

Risk Information Security Data breaches Technology

Which security framework? All of them, in the SCF

Pen Test Partners

SEPTEMBER 26, 2023

There are plenty of ways to meet your security requirements ISO 27001 is not everything. They usually default to one framework, ISO 27001. But ISO 27001 is not your only option. Are you in an industry where compliance is mandated and regulated?

Risk

Risk Government Cybersecurity Technology

The Matrix, policy edition

Notice Bored

JUNE 18, 2022

Certification of an organisation's ISMS, then, demonstrates its conformity with, not compliance to, ISO/IEC 27001 - well in most cases anyway, where management voluntarily chooses to adopt and conform to the standard.

Information Security

Information Security Architecture Government Risk

The 11 Best GRC Tools for 2024

Centraleyes

APRIL 1, 2024

Regulators are placing greater emphasis on the extended enterprise, holding organizations accountable for the actions of their suppliers and vendors. In addition, more and more client companies will use AI to improve their GRC workflows, while oversight and regulation will likely grow.

Risk

Risk Government Artificial Intelligence Software

Ultimate Compliance Guide for Public Cloud

Spinone

FEBRUARY 25, 2019

However, cloud infrastructure is creating complexities when it comes to the world of security and compliance regulations. Compliance regulations today are driving where data can be housed, who it can be shared with, who owns it, what it can contain, and many other important characteristics. What is Compliance?

Government

Government Backups Technology Data privacy

Cloud Security Expertise of Spinbackup API CASB

Spinone

NOVEMBER 19, 2018

Spinbackup CASB (Cloud Access Security Broker) is directly connected to the CSPs (cloud service provider), which enables cybersecurity professionals to monitor cloud-stored data for threats and sensitive or regulated data sharing.

Backups

Backups Ransomware Information Security Encryption

Will $1.9 Billion of Government Funding for Cybersecurity Help Protect the Nation’s Infrastructure?

CyberSecurity Insiders

FEBRUARY 16, 2022

It’s an unprecedented scenario that requires a new approach to cybersecurity, and several government regulations and certifications such as the NSA and CMMC are encouraging organizations to adopt a Zero-Trust architecture.

Government

Government Cybersecurity Cybercrime Technology

Cyber Security Informer

ISO 27001 Implementation Checklist: 10 Tips to Become Certification Ready

Introduction to ISO 42001 and Its Impact on AI Development

Trending Sources

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

The 5 C’s of Audit Reporting

The dreaded Statement of Applicability

Navigating the complex world of Cybersecurity compliance

The Ultimate Guide to Excelling in Your External Audit: 5 Proven Strategies

Half-a-dozen learning points from a '27001 certification announcement

Cloud Compliance Frameworks: Ensuring Data Security and Regulatory Adherence in the Digital Age

How customers can improve product security (just ask)

The nine controls ISO/IEC 27002 missed

NBlog July 11 - the small but perfectly formed ISMS

Why smart buildings need clever cybersecurity

7 Best Attack Surface Management Software for 2024

Topic-specific policy 4/11: information transfer

Weaving strategies with policies

“Accountability framework” proposed to promote secure health care practices

Why become certified to ISO 27001?

Which security framework? All of them, in the SCF

The Matrix, policy edition

The 11 Best GRC Tools for 2024

Ultimate Compliance Guide for Public Cloud

Cloud Security Expertise of Spinbackup API CASB

Will $1.9 Billion of Government Funding for Cybersecurity Help Protect the Nation’s Infrastructure?

Stay Connected