More and more, the business terms information security and cybersecurity are used interchangeably. The media and recently elected government officials are dumbing down the world of security, specifically the protection of information in all forms. It seems that daily the major news outlets in all countries are reporting cyberattacks on organizations of all types. Social media is constantly buzzing with the latest cyberattack on well-known companies
Your company has decided to pursue the ISO/IEC 27001:2013 certification and now the business of meeting the requirements is underway. The strategy has been created and projected over a period of time, probably between six months and a year. The management team has taken the first steps to establish the scope of the ISMS, drafted the ISMS policy and started designing the Risk Management Strategy. Now it's time to become very familiar with the ISO 27001 Standard's requirements and recommended security controls in Annex A. Remember that you aren't obligated to use the controls provided
The rapidly changing technological landscape is ushering in efficient decision making and process enhancements that enable extraordinary growth in global commerce. However, a myriad of devices interconnected to multiple access points, handled directly or indirectly by human workforces, is introducing unique challenges to business organizations. The inevitable participation of human control in the technological business environment creates constant threats – deliberate or accidental – to confidential information.
Recently I visited Amsterdam and I was fascinated by one unexpected part of my trip: the windmills located in the Zaanse Schans, more specifically the wind-powered sawmill that is a rich element of Dutch history. Invented at the end of the 16th century by Cornelis Corneliszoon van Uitgeest, a farmer seeking a better way to cut trees into beams, it revolutionized the Dutch shipbuilding industry. Before wind-powered sawmills, hand sawing and planing 60 beams would take 120 working days,
Small and medium-sized enterprises, often referred to as SMEs, make up the majority of the workforce in Iceland. The Icelandic SME owners and employees are well aware of the need to be resourceful when dealing with a challenging environment. Today SMEs around the world are affected more and more by the rapid changes in the IT environment and IT security awareness, as the volume and significance of digital data continue to increase. Although the headlines often focus on data theft, hacking of sensitive
The all-pervading Information Technology (IT) has brought unfathomable changes to global business today. While IT capabilities have grown exponentially, with newer business technologies introduced nearly every quarter, if not month, it has also ensured the successful exploration of fresher avenues in business operations – from everyday activities to trend forecasting and from compliance to customer service. The IT road to success has hardly been paved smooth.
After completing the previous phases towards ISO 27001 Certification, the final step in the process is the implementation of a Business Continuity Management plan. Business Continuity Management (BCM) is a holistic management process of identifying potential threats to a business entity (based on the Risk Assessment), the impact to operations those threats pose and the necessary steps needed to recover business operations after a disruption. The BCM provides a framework for building organizational resilience
The ISO/IEC 27001:2013 Standard introduces a process approach for integrating structures that strengthen an organization’s ISMS, reducing the risks to the information assets. This approach covers the adoption and implementation of systems of processes within your organization, with identification and interactions of the processes, and their management.
The third phase of our Strategy for ISO 27001 Certification is the implementation,
Risk Assessment and Treatment:
Organizational information, whether customer data, credit card information, intellectual property, or other forms, is considered a vital asset for organizations. The confidentiality, integrity, and availability of information allow organizations to sustain a competitive advantage, cost-effectiveness, a steady cash flow, profitability, legal compliance and a positive reputation.
Your organization has decided, or more than likely has become obligated, to certify your ISMS to the ISO/IEC 27001:2013 Standard in order to comply with or satisfy a regulation in your industry. Without the certification your organization will start to lose business opportunities.
First you need to understand what ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems is and then, what you need to accomplish
The preparation to combat the sinister characters threatening our information security increases more than expected each year. On the other hand, the expectation and wish seem to be that what a lack of robust resolution and a visible absence of diligent efforts to implement preventive measures haven't been able to achieve would be duly covered up by incremental budget boosting. While information security for states has ‘gone fishin,’ software companies providing accounting,
“Reputation is an idle and most false imposition, oft got without merit and lost without deserving. You have lost no reputation at all unless you repute yourself such a loser,” Iago says in Othello as he endeavors to make Cassio forget his sense of shame. Shakespeare’s antagonist, driven by his infamous “motiveless malignity,” knew it was not true, as the manipulator himself used his reputation as “honest Iago” to bring about the downfall of Othello himself. Business organizations must accept
Mossack Fonseca (MossFon) and the Panama Papers information security leak is the largest amount of data stolen from a single company in history. The story has made the German newspaper Süddeutsche Zeitung (SZ) a celebrity of investigative journalism, but don't mistake the extraordinary amount of work SZ and the International Consortium of Investigative Journalists put in to properly disclose the revealing information.
Was it a sophisticated hacker or was it an inside job?
By now you have heard of the Panama Papers and Mossack Fonseca. A massive data breach that was distributed through the media, exposing the financial dealings through offshore accounts of many world leaders, politicians, celebrities and alleged nefarious individuals, flooded the headlines last week. The first public figure casualty from the largest data breach in history was the Icelandic Prime Minister, Sigmundur Davíð Gunnlaugsson. After the revelations of the more than 11 million documents were distributed
Risk management disasters continue to capture the limelight, with the latest one involving massive civilian casualties. Growing evidence from US and British intelligence indicates that terrorists successfully planted a bomb in cargo, downing the Russia-bound flight in Egypt’s Sinai peninsula on October 31, killing all 224 people on board. While it is true that it is no easy task to “hermetically seal” any country border against these kinds of attacks, it is equally true
The concerns surrounding information security in credit cards are not limited to a particular season, but they acquire added prominence during the holiday shopping season. While retailers look to maximize sales through their online and in-store channels, a gift-giving spree combined with year-end buoyancy drives consumers to buy more. Hackers too wait for this season and look to gather credit card information by breaching any defense. In addition, poor information and data security
As businesses endeavor to explore new horizons of possibilities riding the unprecedented growth in information and communication technologies, data security concerns are at the forefront of conversations, and thankfully, involving even the board of directors. However, the recent history of information security is replete with organizations’ unsuccessful efforts to protect valuable data. Institutions across every industry are exhibiting fragile/futile risk management approaches.
A reported boost in global information security spending during the ongoing year should have been something to cheer about, if you are associated with the risk management discipline. However, with cyber attacks increasingly regarded as inevitable, any such good news is failing to provide a prolonged duration of happiness, let alone a sense of security that consumer data is going to be protected well from here on.