Category Archives: Security Standardization and Practises

Cyber essentials

The Cyber Essentials scheme is one of the actions under the UK Government policy “Keeping the UK safe in cyber space”. The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement …

Posted in Cybersecurity, ICT Regulation, Risk Management, Security Certifications, Security Standardization and Practises

Cloud Service Level Agreement Standardisation Guidelines, by C-SIG (Europe)

An interesting document, “Cloud SLA standardization guidelines”, is available at the Digital Agenda for Europe site. The work has been done by the C-SIG (Cloud Select Industry Group) subgroup, and they are contributing it as input for the new standard ISO/IEC …

Posted in Cloud Standards, ICT Leadership and Management, ICT Standards, Privacy, Security Standardization and Practises

Publicly available ISO standards: security & privacy related

It is good to know that some freely available ISO standards are related to security and privacy (reference: Publicly Available Standards). For example, ISO 27000 and ISO 29100 are freely available. Security Management: ISO 27000, Information security management systems – …

Posted in Security Management, Security Standardization and Practises, Security Terminology, Security Training, Awareness and Reports

Application Security Weaknesses, OWASP Top 10

OWASP (Open Web Application Security Project) maintains a top-10 list of the most common application vulnerabilities/weaknesses: Injection; Broken Authentication and Session Management; Cross-Site Scripting (XSS); Insecure Direct Object References; Security Misconfiguration; Sensitive Data Exposure; Missing Function Level Access Control; Cross-Site …

Posted in Security Management, Security Standardization and Practises, Security Threats, Security Training, Awareness and Reports

Updated ISO 27000, 27001 and 27002

The most important information security management standards have been updated: 27000:2012 Overview and vocabulary; 27001:2013 Requirements; 27002:2013 Code of practice for information security controls. Other links: The new version of ISO/IEC 27001:2013; Transition Guide; Mapping Guide 27001:2013 …

Posted in ICT News, ICT Standards, ISO, Security Management, Security News, Security Standardization and Practises

Common Sense Guide to Mitigating Insider Threats

The Software Engineering Institute has published the latest revision of the “Common Sense Guide to Mitigating Insider Threats”. It is good reading for any security manager, and provides 19 practices that each organization should implement. Definition: a malicious insider is defined as …

Posted in Security Management, Security Standardization and Practises, Security Training, Awareness and Reports

Flow diagram of payment card data, or personal data, in the cloud

The recent PCI DSS Information Supplement “PCI DSS Cloud Computing Guidelines” emphasizes the same message as earlier guidelines such as the ISO standard “29100 Privacy Framework” and NIST SP 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). NIST SP 800-122: …

Posted in Cloud Security, Privacy, Security Management, Security Standardization and Practises, Security Training, Awareness and Reports