Collaborate Disseminate
I would like to bid for contracts where ISO27001 certification is a requirement. I build cloud based bespoke software.
Although I take security extremely seriously – I don’t have any formal processes at present. I just try and follow best … Continue reading Can a business with a single employee gain ISO27001 certification?
I was at the ISO/IEC 27001 official web page. I saw a the publication for the norm. It’s about 23 pages. So I was wondering if studying those 23 pages would prepare me enough, lets say at 80%, to passe exams for foundation, lead auditor or… Continue reading Is reading ISO 27000 official publication sufficient to prepare for exam? [closed]
In order to “harden” our compliance, we wanted to enforce a two-persons rule on the MySQL production database for “manual fixes”. Such “manual fixes” frequently arise due to:
Bug in the application (we are a fast company :D)
Various cust… Continue reading Two persons-rule on MySQL databases for "manual fixes"
Could anyone help me understand security certificates for software? Let’s suppose we’re talking about a complex application that has a desktop version and a cloud version as well. The final goal is to adjust its code to some recognized sta… Continue reading Security certificates for software [closed]
If you have a familiarity with any information security frameworks and certifications, it’s more than likely you have heard of International Organisation for Standardisation (ISO) and possibly the International Electrotechnical Commission (IEC). … Continue reading What is ISO 27701?
We’re a small UK startup building a small service that allows certain special people (e.g. journalists) to access non-public court information.
This information includes a ton of private and sensitive information that cannot just be share… Continue reading Is it safe and permissive to remember devices to skip two factor authentication when dealing with sensitive information?
The ISO/IEC 27000-series of standards lay out how to create and manage an information security management system (ISMS). The ISO/IEC 27001 document provides the main body of the standard and is augmented by a number of sector-specific guid… Continue reading Is the ISO/IEC 27001 standard incompatible with free/open source software?
My company computer is using MS Windows and I myself as a software engineer I would recommend my developer team to use OSX since it is hassle least than Linux/Unix based OS. When I propose the computer spec to IT department. … Continue reading My IT manager says rMBP is not satisfied ISO27001
I received a question as follows: Does the vendor solution need to have the ISO 27001 certification for the application itself, or just for the hosting of the platform?
In my understanding, ISO 27001 cert concerns companies/vendors and inc… Continue reading ISO 27001 compliance for application or hosting?
I am reading about setting up a security organisation. However, the more i read the more confused I get. I know that security committee is chaired by the chief information security officer and reports to the ceo. However, I’m… Continue reading Confused about security organisation