Are you aware of the SolarWinds attack in 2020? The hackers exploited software vulnerabilities in the Orion IT monitoring and management software used by thousands of enterprises and government agencies. This hack triggered a larger-scale supply chain incident which affected thousands of organizations, including the U.S. government. The attackers infiltrated the SolarWinds network and infected the software ...
1. What is ISO 27001?
ISO 27001 is a comprehensive information security standard, which provides the requirements for an information security management system (ISMS) for certification. It is a framework of policies and procedures that consists of all technical, physical, and legal controls of an Information Risk Management process.
2. What does ISO 27001 certification signify in terms of risk assessment?
ISO 27001 ...
The Communication Plan is a key element of a good Information Security Management System (ISMS). Your organization needs to communicate the most accurate information to its stakeholders at the best moment. It is equally important in security management to make people respond to situations in the proper way. Effective communication includes proper content, format and timing to ensure trust among recipients both ...
The OSI network communications model is made of 7 layers. Each layer handles a specific process to enable reliable communication between two or more devices. When the Internet was designed, its focus was on ensuring reliable communications. The challenges of communication security emerged later. These 7 layers act like a chain of links. If one link breaks, ...
Business Continuity Management (BCM) can be simply explained as planning to survive disruptive incidents. Disasters strike when you least expect them. The cause of the disaster could be a natural or a human factor. Whatever the disaster, your organisation needs to be prepared. What types of disasters impact your information systems?
Data Breaches
Hacking of Systems
Critical ...
Threat modelling is an essential component of your Information Security Management System (ISMS). It aims to identify, analyse, plan for and communicate potential threats in order to protect the assets in your network. It is basically getting into the attackers' heads and deploying effective defences against their Tactics, Techniques, and Procedures (TTPs). Threat modelling requires an effective threat intelligence process to protect your organization from ...
The United Nations Declaration of Human Rights (UDHR) Article 12 states: "No one shall be subjected to arbitrary interference with his privacy...." which makes privacy an undeniable human right. Privacy is like breathing. Everyone needs it. Personal Data Protection is an emerging issue in the world. Most nations are following the European Union's GDPR model of regulation to enact local ...
"Ransomware is more about manipulating vulnerabilities in human psychology than the adversary's technological sophistication" ― James Scott, Sr.
In May 2017, over 300,000 organisations worldwide were affected by the dangerous "WannaCry" ransomware, which spread through networks by exploiting Microsoft Windows. WannaCry encrypted organisations' files and demanded $300 worth of Bitcoin to receive the decryption key. In March 2021, insurance giant CNA Financial paid ...
At the heart of your business is data. Protecting your data from malicious actors requires effective strategies. Defense in Depth (DiD) is a security strategy that uses a series of defensive mechanisms to protect your information assets. Because of the layered nature of the defences, when a malicious actor breaks one mechanism, the next mechanism steps up to block ...
The sole purpose of the internal audit is to check compliance with the organization's documented ISMS requirements. Internal auditing is a key component and is essential for ISO 27001 compliance. Therefore, internal audits need to be carried out regularly and effectively at planned intervals. Internal audits help identify and rectify any issues in the ISMS before an external certification audit ...
An ISMS (Information Security Management System) is a framework which helps you manage your organisation's information security. It enables you to assess, manage, monitor, review and improve your information security practices. With an ISMS you will develop policies, procedures, guidelines and controls to meet the three objectives of information security: 1. Confidentiality: You will ensure that your data can only be ...
The Zero Trust model is a comprehensive security model that aims to protect critical systems and sensitive data. The foundation of the Zero Trust model is that it does not trust anyone, including internal users behind a firewall. It does not allow any user to access a resource or perform a transaction without due authorization. Zero Trust assumes that every attempt to access ...
ISO 27001 is the most comprehensive international standard for implementing an Information Security Management System (ISMS) in any organisation. It helps your organization to systematically maintain confidentiality, integrity and availability (CIA). The key benefits are:
1. Complying with an excellent framework to protect information assets from malicious actors.
2. Increasing the confidence of customers, partners, suppliers, investors and other stakeholders, and enhancing reputation.
3. Gaining ...
Security awareness and training are the first line of defence in securing your organization against cyber attacks. The first barrier that you will face is resistance to information security. This is a normal situation, as employees tend to think security is not their job. But they are the problem. The majority of cyber attacks have resulted from employee vulnerabilities ...
Despite all the efforts made by organisations to establish a perfect ISMS, there may still exist controls that are not fully implemented or are unimplemented. A non-conformity is non-fulfilment of a requirement of ISO 27001. Internal and external auditors use non-conformities to judge the level of ISMS compliance with the ISO 27001 standard. Non-conformities take up a major part of ...
An Information Security Management System (ISMS) helps establish policies, standards, procedures, and security controls to minimize security risks to organizations' sensitive data and systems and to ensure business continuity. An ISMS systematically addresses employee behavior and business processes centered around data, applications, networks, and systems, minimizing risks to acceptable levels. The ISO/IEC 27001 international standard provides comprehensive guidelines to establish an ...
According to CISSP, organizations facing information security threats need to consider the following 8 domains in their security strategy. The ISMS framework is focused on ensuring security in each of them:
Security & Risk Management
Asset Security
Security Engineering
Communication & Network Security
Identity & Access Management
Security Assessment & Testing
Security Operations
Software Development Security
1. Security & Risk Management: Establishes the security ...
ISO 27001 certification is the most comprehensive information security standard recognized globally. It ensures the standardization of your organisation's information security strategies so that the confidentiality, integrity and availability of your systems and data let you conduct your business effectively. Gaining the certification is a journey with several milestones. It is a carefully planned, systematic activity that transforms an organisation ...
ISO 27001 is the most comprehensive international standard for an ISMS (Information Security Management System).
1. An ISO 27001 based ISMS provides you with a systematic approach that consists of processes, technology and people to help you with effective risk management to protect your organisation's information.
2. In a world of rising cyber crime, ISO 27001 gives your organisation an independent, expert verification of your information security ...