risk assessment

When organisations begin their ISO 27001 certification project, they must prove their compliance with appropriate documentation. That involves documenting your information security risk assessment process. In this blog, we explain how you can do that. Elements of the ISO 27001 risk assessment procedure Clause 6.1.2 of the Standard states that organisations must “define and apply” a risk assessment process. An information security risk assessment is a formal, top management-driven process and sits at the core of an ISO 27001 information security management system (ISMS). There are five simple steps that you should take to conduct a successful risk assessment: Establish a risk

The post How to write an ISO 27001-compliant risk assessment procedure appeared first on IT Governance UK Blog.

Read More How to write an ISO 27001-compliant risk assessment procedure

TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country they are incorporated in, and so on.

Most interesting to me is the home countries of these companies. Express VPN is incorporated in the British Virgin Islands. NordVPN is incorporated in Panama. There are VPNs from the Seychelles, Malaysia, and Bulgaria. There are VPNs from more Western and democratic countries like the US, Switzerland, Canada, and Sweden. Presumably all of those companies follow the laws of their home country…

Read More VPNs and Trust

Protecting your organisation against cyber attacks can sometimes feel like a never-ending game of security whack-a-mole. As soon as you’ve secured one weakness, another one appears. This can demoralise any organisation and make them believe that good information security practices are impossible. However, there is a solution – but it requires a different way of thinking. Organisations must stop looking at each individual threat as it arises and instead build defences that are equipped to handle whatever cyber criminals throw at you. Doing that is simpler than it sounds. That’s because, as much as cyber criminals’ tactics evolve, they tend

The post 5 ways to improve your information security in 2021 appeared first on IT Governance UK Blog.

Read More 5 ways to improve your information security in 2021

President Biden wants his Peloton in the White House. For those who have missed the hype, it’s an Internet-connected stationary bicycle. It has a screen, a camera, and a microphone. You can take live classes online, work out with your friends, or join the exercise social network. And all of that is a security risk, especially if you are the president of the United States.

Any computer brings with it the risk of hacking. This is true of our computers and phones, and it’s also true about all of the Internet-of-Things devices that are increasingly part of our lives. These large and small appliances, cars, medical devices, toys and — yes — exercise machines are all computers at their core, and they’re all just as vulnerable. Presidents face special risks when it comes to the IoT, but Biden has the NSA to help him handle them…

Read More Presidential Cybersecurity and Pelotons