Are you aware of the SolarWinds attack in 2020? The hackers exploited software vulnerabilities of Orion IT monitoring and management software used by thousands of enterprises and government agencies. This hack triggered a larger-scale supply chain incident which affected thousands of organizations, including the U.S. government. The attackers infiltrated the SolarWinds network, and infected the software ...
1. What is ISO 27001? ISO 27001 is a comprehensive information security standard, which provides the requirements for an information security management system (ISMS) for certification. It is a framework of policies and procedures that consists of all technical, physical, and legal controls of an Information Risk Management process. 2. What does ISO 27001 certification signify in terms of risk assessment? ISO 27001 ...
The sole purpose of the internal audit is to check compliance with the organization's documented ISMS requirements. Internal auditing is a key component and essential for ISO 27001 compliance. Therefore internal audits need to be carried out regularly and effectively at planned intervals. Internal audits help identify and rectify any issues in the ISMS before an external certification audit ...
An Information Security Management System (ISMS) helps establish policies, standards, procedures, and security controls to minimize security risks to an organization's sensitive data and systems and to ensure business continuity. An ISMS systematically addresses employee behavior and business processes centered around data, applications, networks, and systems, minimizing risks to acceptable levels. The ISO/IEC 27001 international standard provides comprehensive guidelines to establish an ...
Threat modeling is an essential component of your information security management system (ISMS). It aims to identify, analyse, plan for and communicate potential threats in order to protect the assets in your network. It is basically getting into the attacker's head and deploying effective defences against their Tactics, Techniques, and Procedures (TTPs). Threat modelling requires an effective threat intelligence process to protect your organization from ...
The ISO 27001 certification is the most comprehensive information security standard recognized globally. It standardizes your organisation's information security strategies to ensure the confidentiality, integrity and availability of your systems and data so that you can conduct your business effectively. Gaining the certification is a journey with several milestones. It is a carefully planned, systematic activity that transforms an organisation ...
The Zero Trust model is a comprehensive security model that aims to protect critical systems and sensitive data. Its foundation is that it does not trust anyone, including internal users behind a firewall. It does not allow any user to access a resource or perform a transaction without due authorization. Zero Trust assumes that every attempt to access ...
The OSI network communications model is made up of 7 layers. Each layer handles a specific process to enable reliable communication between two or more devices. When the Internet was designed, its focus was on ensuring reliable communications. The challenges of communication security emerged later. These 7 layers act like a chain of links. If one link breaks, ...
The United Nations Universal Declaration of Human Rights (UDHR) Article 12 states: "No one shall be subjected to arbitrary interference with his privacy...." which makes privacy an undeniable human right. Privacy is like breathing. Everyone needs it. Personal data protection is an emerging issue in the world. Most nations are following the European Union GDPR model of regulations to enact local ...
The threats of data breaches are becoming more common. They are also more difficult to detect and mitigate. The most dangerous issue is the time taken to detect and contain a breach. Some APTs intrude and persist in your systems undetected for a long time. This requires your business to have an efficient detection, mitigation and prevention process against data ...
Personally Identifiable Information (PII) is defined as any data that could potentially identify a specific individual. In simple terms, PII is any information that can be used to distinguish one person from another. The legal definition of PII may vary from jurisdiction to jurisdiction. However, universally it refers to information that can be used to trace an individual's identity, ...
Security awareness and training are the first line of defence in securing your organization against cyber attacks. The first barrier that you will face is resistance to information security. This is a normal situation, as employees tend to think security is not their job. But they are the problem. The majority of cyber attacks have resulted from employee vulnerabilities ...
The Communication Plan is a key element of a good Information Security Management System (ISMS). Your organization needs to communicate the most accurate information to its stakeholders at the right moment. It is equally important in security management to make people respond to situations in the proper way. Effective communication includes proper content, format and timing to ensure trust among recipients both ...
Despite all the efforts made by organisations to establish a perfect ISMS, there may still exist partially implemented or unimplemented controls. A non-conformity is the non-fulfillment of a requirement in ISO 27001. Internal and external auditors use non-conformities to judge the level of ISMS compliance with the ISO 27001 standard. Non-conformities take up a major part of ...
“Ransomware is more about manipulating vulnerabilities in human psychology than the adversary's technological sophistication” ― James Scott, Sr. In May 2017, over 300,000 organisations worldwide were affected by the dangerous "WannaCry" ransomware spreading through networks by exploiting Microsoft Windows. WannaCry encrypted organisations’ files and demanded $300 worth of Bitcoin to receive the decryption key. In March of 2021, insurance giant CNA Financial paid ...
At the heart of your business is data. Protecting your data from malicious actors requires effective strategies. Defense in Depth (DiD) is a security strategy that uses a series of defensive mechanisms to protect your information assets. Because of the layered nature of the defences, when a malicious actor breaks one mechanism, the next mechanism steps up to block ...
"If you know the enemy and know yourself you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." - Sun Tzu. Threat Intelligence (TI) is the gathering ...
Threat hunting is a proactive process in cyber security that searches for security risks concealed within an organization’s network, data, and endpoints. It entails diving deeply into the IT environment to identify threat actors and attack vectors. If an external attacker or insider can elude initial network defense systems, they may remain undetected within the network, performing data ...
The security policy provides the framework for multi-layered information security in your organisation. It encompasses the vision of your senior management, the regulations applicable to business operations, and guidance to achieve your security goals. A security policy document establishes a structure to ensure that effective security strategies and controls are in place, roles and responsibilities are ...