Collaborate Disseminate
Our web application uses Google’s G Suite Single Sign-on for authentication into our application. As part of writing documentation around compensating controls, the PCI DSS requires “Validation of Compensating Controls” (Note… Continue reading Do you need to validate compensating controls of a certified organization?
It may seem that the question in the title is stupid, but it is not. There is a known case of deletion of “Auditors shall not audit their own work” rule in 2015 version of ISO 9001 and the remaining text (“select auditors and… Continue reading Can ISO 27001 auditors audit their own work?
We want to start implementing the ISMS according to ISO 27001. Now I know that the ISO 2700x familiy consists of a lot of standards, a lot of them beeing industry-specific standard documents.
My question is: which documents… Continue reading Starting with ISO 27001 – what to buy?
ISO 27001 A.16 is talking about handling information security incidents and events and about the point of contact to which such events should be reported.
I’m wondering how in real life and real companies this is implemented… Continue reading What a information security help desk looks like
I have a study project related to establishing of ISO 27001.
I will do GAP analyses on “fictional” company over all ISO 27001 Annex A controls using ISO 27002.
After I do that, I will detect the risks using the results of that GAP analys… Continue reading Potential risks per ISO 27002 clauses 5-18
I am curious if there are any released standards for homomorphic encryption, or computing on encrypted data. Perhaps by NIST, ANSI, or ISO. If not, are there any that are under development right now? If you have any estimates… Continue reading Are there currently any standards for Homomorphic encryption?
New cloud-based information security tool will enable enterprises to deliver fast, accurate and hassle-free ISO 27001 security risk assessments 1st October 2018 – Information security and compliance specialist, Vigilant Software, has announced th… Continue reading Vigilant Streamlines ISO 27001 Risk Assessments with vsRisk Cloud
What are good techniques useful for auditing information security in a company?
What are the most cost-effective options for this area?
More specifically, I would like to see answers include some aspects of ISO 270001 and oth… Continue reading Auditing ISMS tools and techniques [on hold]
It is more or less an open secret that the CISO should act independently in the company. In my opinion, a supposed reporting line to the CIO is a conflict of interest (budget vs. security).
The CISO should be independent of influence or p… Continue reading Is there a security standard/framework which interpret the CISO role as independent position
So ever since we got certified, every time some code from stackoverflow is shown the ISO 27001 argument comes up “we can’t copy code”.
As a dev, I have to say not allowing code form stackoverflow is insane and nobody listens… Continue reading ISO 27001 and copying code from stackoverflow