When organisations begin their ISO 27001 certification project, they must prove their compliance with appropriate documentation. That involves documenting your information security risk assessment process. In this blog, we explain how you can do that.

Elements of the ISO 27001 risk assessment procedure

Clause 6.1.2 of the Standard states that organisations must “define and apply” a risk assessment process. An information security risk assessment is a formal, top management-driven process and sits at the core of an ISO 27001 information security management system (ISMS).

There are five simple steps that you should take to conduct a successful risk assessment: Establish a risk
The post How to write an ISO 27001-compliant risk assessment procedure appeared first on IT Governance UK Blog.
Read More How to write an ISO 27001-compliant risk assessment procedure
These days, technology seems to evolve at the speed of light. Infrastructures change, attack surfaces reduce and multiply and, not surprisingly, your cloud environment advances. However, with new cloud deployment scenarios created to accelerate busines…
Read More How to rethink risks with new cloud deployments
TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court orders, what country they are incorporated in, and so on.
Most interesting to me are the home countries of these companies. Express VPN is incorporated in the British Virgin Islands. NordVPN is incorporated in Panama. There are VPNs from the Seychelles, Malaysia, and Bulgaria. There are VPNs from more Western and democratic countries like the US, Switzerland, Canada, and Sweden. Presumably all of those companies follow the laws of their home country…
Read More VPNs and Trust
Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog.
Read More AI Security Risk Assessment Tool
Salesforce isn’t rocket science, but the software has an incredible array of tools, which is why securing it demands a unique (and sometimes complex) approach. If you’re hoping to mitigate risks associated with your company’s use of Salesforce, y…
Read More Acting on a security risk assessment of your organization’s use of Salesforce
By removing the most common cause of traffic accidents – the human driver – autonomous vehicles are expected to reduce traffic accidents and fatalities. However, they may pose a completely different type of risk to drivers, passengers and pedestrians. …
Read More Cybersecurity risks connected to AI in autonomous vehicles
Protecting your organisation against cyber attacks can sometimes feel like a never-ending game of security whack-a-mole. As soon as you’ve secured one weakness, another one appears. This can demoralise any organisation and make them believe that good information security practices are impossible.

However, there is a solution – but it requires a different way of thinking. Organisations must stop looking at each individual threat as it arises and instead build defences that are equipped to handle whatever cyber criminals throw at you.

Doing that is simpler than it sounds. That’s because, as much as cyber criminals’ tactics evolve, they tend
The post 5 ways to improve your information security in 2021 appeared first on IT Governance UK Blog.
Read More 5 ways to improve your information security in 2021
Internal threat actors cause millions in damages and at times walk away scot-free while you’re left picking up the pieces. Think you’re immune to this type of event? Trust me, you’re not.
Read More Tales from the trenches: dealing with internal threats
President Biden wants his Peloton in the White House. For those who have missed the hype, it’s an Internet-connected stationary bicycle. It has a screen, a camera, and a microphone. You can take live classes online, work out with your friends, or join the exercise social network. And all of that is a security risk, especially if you are the president of the United States.
Any computer brings with it the risk of hacking. This is true of our computers and phones, and it’s also true about all of the Internet-of-Things devices that are increasingly part of our lives. These large and small appliances, cars, medical devices, toys and — yes — exercise machines are all computers at their core, and they’re all just as vulnerable. Presidents face special risks when it comes to the IoT, but Biden has the NSA to help him handle them…
Read More Presidential Cybersecurity and Pelotons