Articles / Blogs

July 26, 2018

EU GDPR – Are You Ready?

The General Data Protection Regulation (GDPR) has been rolled out in Europe, starting on 25 May 2018. Enforcement of the regulation is aimed at ensuring that companies within the 28 EU economies rigorously follow international best practices of data security management while handling the personal data of EU citizens. EU GDPR was imminent after it was approved in April 2016. The now enforceable regulation is intimidating for enterprises because it ends the free run they have had since 1995, a period without any substantial changes in consumer private data protection.

May 8, 2018

Information Security – Cybersecurity

More and more, the business terms information security and cybersecurity are used interchangeably. The media and recently elected government officials are dumbing down the world of security, specifically the protection of information in all forms. It seems that daily the major news outlets in all countries are reporting cyberattacks on organizations of all types. Social media is constantly buzzing with the latest cyberattack on well-known companies

March 9, 2018

Implementing ISMS Controls Is Not Enough

Your company has decided to pursue ISO/IEC 27001:2013 certification, and now the business of meeting the requirements is underway. The strategy has been created and projected over a period of time, probably between six months and a year. The management team has taken the first steps to establish the scope of the ISMS, drafted the ISMS policy and started designing the Risk Management Strategy. Now it's time to become very familiar with the ISO 27001 Standard's requirements and the recommended security controls in Annex A. Remember that you aren't obligated to use the controls provided

February 26, 2018

Access Control: Moving Beyond Compliance

The rapidly changing technological landscape is ushering in efficient decision making and process enhancements that enable extraordinary growth in global commerce. However, the myriad of devices interconnected to multiple access points, handled directly or indirectly by the human workforce, is introducing unique challenges to business organizations. The inevitable participation of human control in the technological business environment creates constant threats – deliberate or accidental – to confidential information.

February 5, 2018

GDPR for Personal Data Protection

The new regulation passed by the European Union, named the General Data Protection Regulation (GDPR), goes into effect on May 25th this year across the European Union (EU), along with Norway, Iceland, and Liechtenstein. The GDPR is designed to enhance personal data protection within information systems. The GDPR also aims to better protect data subjects against personal information abuse through reduction of the collection, storage, and distribution of such data. Company and institution managers, who work with or have access to personal data,

January 18, 2018

Best Practice ISO 27001 Required Documentation

Recently I visited Amsterdam and I was fascinated by one unexpected part of my trip: the windmills located in the Zaanse Schans, more specifically the wind-powered sawmill that is a rich element of Dutch history. Invented at the end of the 16th century by Cornelis Corneliszoon van Uitgeest, a farmer seeking a better way to cut trees into beams, it revolutionized the Dutch shipbuilding industry. Before wind-powered sawmills, hand sawing and planing 60 beams would take 120 working days,

November 11, 2017

Most common IT Risks threatening SMEs

Small and medium-sized enterprises, often referred to as SMEs, make up the majority of the workforce in Iceland. Icelandic SME owners and employees are well aware of the need to be resourceful when dealing with a challenging environment. Today SMEs around the world are affected more and more by the rapid changes in the IT environment and in IT security awareness, as the volume and significance of digital data continue to increase. Although the headlines often focus on data theft, hacking of sensitive

September 3, 2017

Vendor risk assessment for ISO 27001

All-pervading Information Technology (IT) has brought unfathomable changes to global business today. While IT capabilities have grown exponentially, with newer business technologies introduced nearly every quarter, if not every month, IT has also enabled the successful exploration of fresh avenues in business operations – from everyday activities to trend forecasting and from compliance to customer service. The IT road to success has hardly been paved smooth.

July 7, 2017

Strategy for ISO 27001 Certification-Phase 4-BCM

After completing the previous phases towards ISO 27001 Certification, the final step in the process is the implementation of a Business Continuity Management plan. Business Continuity Management (BCM) is a holistic management process of identifying potential threats to a business entity (based on the Risk Assessment), the impact those threats pose to operations, and the steps needed to recover business operations after a disruption. BCM provides a framework for building organizational resilience

June 18, 2017

Strategy for ISO 27001 Certification-Phase 3

The ISO/IEC 27001:2013 Standard introduces a process approach for integrating structures that strengthen an organization’s ISMS, reducing the risks to its information assets. This approach covers the adoption and implementation of a system of processes within your organization, together with the identification of those processes, their interactions, and their management.

The third phase of our Strategy for ISO 27001 Certification is the implementation,

May 17, 2017

Strategy for ISO 27001 Certification-Phase 2

Risk Assessment and Treatment:

Organizational information, whether customer data, credit card information, intellectual property, or other forms, is considered a vital asset for organizations. The confidentiality, integrity, and availability of information allow organizations to sustain a competitive advantage, cost-effectiveness, a steady cash flow, profitability, legal compliance and a positive reputation.

April 10, 2017

Strategy for ISO 27001 Certification

Your organization has decided, or more likely has become obligated, to certify your ISMS to the ISO/IEC 27001:2013 Standard in order to comply with or satisfy a regulation in your industry. Without the certification your organization will start to lose business opportunities.

First you need to understand what the ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems standard is, and then what you need to accomplish

September 29, 2016

2016 Information Security Spending $81.6 Billion

The preparation to combat the sinister characters threatening our information security increases more than expected each year. On the other hand, the expectation and wish seem to be that what a lack of robust resolve and a visible absence of diligent efforts to implement preventive measures have not been able to achieve will be duly covered up by incremental budget boosting. While information security for states has ‘gone fishin’,’ software companies providing accounting,

June 12, 2016

Lessons on Managing Reputation Risk post Dieselgate

“Reputation is an idle and most false imposition, oft got without merit and lost without deserving. You have lost no reputation at all unless you repute yourself such a loser,” says Iago as he endeavors to make Cassio forget his sense of shame in Othello. Shakespeare’s antagonist, driven by his infamous “motiveless malignity,” knew it was not true, as the manipulator himself used his reputation as “honest Iago” to bring about the downfall of Othello. Business organizations must accept

May 8, 2016

Hacker with a conscience or whistleblower?

Mossack Fonseca (MossFon) and the Panama Papers information security leak is the largest amount of data stolen from a single company in history. The story has made the German newspaper Süddeutsche Zeitung (SZ) a celebrity of investigative journalism, but don't mistake the extraordinary amount of work SZ and the International Consortium of Investigative Journalists put in to properly disclose the revealing information.

Was it a sophisticated hacker or was it an inside job?

April 12, 2016

The Pirates are invading the Vikings

By now you have heard of the Panama Papers and Mossack Fonseca. A massive data breach, distributed through the media and exposing the financial dealings through offshore accounts of many world leaders, politicians, celebrities and alleged nefarious individuals, flooded the headlines last week. The first public figure casualty of the largest data breach in history was the Icelandic Prime Minister, Sigmundur Davíð Gunnlaugsson. After the revelations from the more than 11 million documents were distributed

January 17, 2016

Instituting efficient insider threat prevention in aviation

Risk management disasters continue to capture the limelight, with the latest one involving massive civilian casualties. Growing evidence from US and British intelligence indicates that terrorists successfully planted a bomb in cargo, downing the Russia-bound flight over Egypt’s Sinai peninsula on October 31 and killing all 224 people on board. While it is true that it is no easy task to “hermetically seal” any country's border against these kinds of attacks, it is equally true

December 21, 2015

Avoid Being a Target this Holiday Season

The concerns surrounding information security for credit cards are not limited to a particular season, but they acquire added prominence during the holiday shopping season. While retailers look to gain the optimum increase in sales through their online and in-store channels, a gift-giving spree combined with year-end buoyancy drives consumers to buy more. Hackers too wait for this season and look to gather credit card information by breaching any defense. In addition, poor information and data security

November 3, 2015

Information Security Access Control – Sweat the small things

As businesses endeavor to explore new horizons of possibility, riding the unprecedented growth in information and communication technologies, data security concerns are at the forefront of conversations, and thankfully now involve even the board of directors. However, the recent history of information security is replete with organizations’ unsuccessful efforts to protect valuable data. Institutions across every industry are exhibiting fragile, even futile, risk management approaches.

October 28, 2015

Security spending increasing to $75.4bn for 2015

A reported boost in global information security spending during the ongoing year should have been something to cheer about, if you work in the risk management discipline. However, as cyber attacks are increasingly regarded as inevitable, any such good news fails to provide a prolonged sense of happiness, let alone a sense of security that consumer data is going to be protected well from here on.