Collaborate Disseminate
I am trying to understand what exactly I need to do for an assignment, this is for a piece of college work and the terminology used is different in the brief to that used in the course material so I am confused.
The brief states
you have … Continue reading Difference between ISMS and Cyber Security Risk Management Plan
The most important ‘web app’ we need to consider is Google accounts. Considering the number of other apps that use Google for login, it seems like the session timeout should be fairly short. On the other hand, people are annoyed by short s… Continue reading In an ISO 27001-compliant environment what are specific recommendations for web app session timeouts?
I work in a software-development company where we have a lot of tech-savvy people.
For ISO27001 certification we need to maintain list of approved software. And I’d like to understand how in practice this list is maintained and enforced?
T… Continue reading How to maintain and enforce an approved list of software?
I’m going through my first ISO27001 implementation and I can’t seem to find a definitive list of what policies are required. I realise Annex A is "optional".
I’ve found lists online a few times on a few different sites. I’ve dump… Continue reading Why doesn’t ISO27001 mandate an acceptable use policy?
Is there any reason why an information security standard such as ISO 27001 is not getting updated as Information Security field is constantly changing and also the requirements but its latest version is for 2013?
ISO 27001 looks at the information security from management point of view. I want to know whether it is a good option to be used when designing an information security system specifically a secure one.
Continue reading controls related to information systems’ design in ISO 27001
IASME delivers Cyber Essentials on behalf of UK NCSC
By Sam Jones | Cyber Tec Security and Dave Whitelegg
What is Cyber Essentials? If you are just hearing about the Cyber Essentials scheme, read on as we unpack 10 things you might not … Continue reading 10 Things You Might Not Know About Cyber Essentials
I am looking for alternatives, that are less strict and less time consuming, than ISO 27001. Australia is in the Commonwealth, so maybe Cyber Essentials Plus could work, but I do not know if that plays a part in it being recognized by the … Continue reading What alternative standard for ISO 27001 can be used in Australia?
My colleague told me that ISO 27001 require physical server running in the office to store user password. Therefore, using AWS Cognito or Firebase Auth can save us the physical server since they have ISO 27001.
Is my colleague correct? If … Continue reading Using AWS Cognito or Firebase Auth can help to certify my app with ISO 27001?
I need to define one metric for each control.
Which are the followings:
Backup
Classification of the information
So, I need to define a metric to measure if those controls are being fulfilled.
Continue reading What would be metrics to measure the compliance of the following controls? [closed]