Category Archives: Security Standardization and Practises
Survey of ISO certifications, results for 2015
ISO is having surveys about number of ISO certifications, it is worth to have a look 🙂 The table below is taken from the executive summary. There are also excel files available for each ISO standard that shows certifications per … Continue reading
Posted in ICT Leadership and Management, ICT Standards, Security Certifications, Security Management, Security Standardization and Practises, Security Training, Awareness and Reports
Comments Off on Survey of ISO certifications, results for 2015
Converting ISO 27002 into an excel and a graph
ISO 27002 “Code of practice for information security controls” list 144 controls with the same structure for all the controls. If one would like to work on these controls, like reusing them in another documentation or doing a presentation etc, … Continue reading
Posted in Anvanced Tools, DIY, ISO, Security Standardization and Practises, Tips, Tools
Comments Off on Converting ISO 27002 into an excel and a graph
Process reference model (PRM) for ISMS (ISO 27001)
ISO TS 33052:2016 “Process reference model (PRM) for information security management” is in interesting document which can be useful when evaluating the possible ways to implement the information security management system (ISMS) processes (see ISO 27001 ISMS requirements). This Technical … Continue reading
Posted in Security Certifications, Security Management, Security Standardization and Practises
Comments Off on Process reference model (PRM) for ISMS (ISO 27001)
Recommended Book: The Complete Book of Data Anonymization
I was getting started to search for information about data anonymization and preparing to took a time to do “yet another internet search” for information sources; until I happened to find this book. I was positively surprised that it did … Continue reading
Posted in Books, Cloud Security, Cybersecurity, ICT, ICT Books, Security Management, Security Standardization and Practises, Security Terminology
Comments Off on Recommended Book: The Complete Book of Data Anonymization
Test: ONVIF IP Camera
ONVIF is recent standard for security IP cameras. Due to the standard, it should be easier to integrate these cameras into a surveillance solution. From ONVIF site: The ONVIF specification defines a common protocol for the exchange of information between … Continue reading
Posted in Audio and Video, DIY, For Fun or Interest, Hobbies and Other Interests, Security Standardization and Practises, Security Training, Awareness and Reports, Tests, Tools
Comments Off on Test: ONVIF IP Camera
STIX, Structured Threat Information eXpression, by Mitre
Structured Threat Information eXpression STIX is a collaborative community-driven effort to define and develop a standardized language to represent structured cyber threat information. STIX Use Cases STIX sample This is from the training material. From samples page: STIX Tree Viewer … Continue reading
Posted in ICT, ICT Standards, Security Incidents and Cases, Security Standardization and Practises, Security Threats
Comments Off on STIX, Structured Threat Information eXpression, by Mitre
Indicators of Compromise, OpenIOC and CyBOX
Indicator of compromise IOC IOC in computer forensics is an artifact observed on a network or in operating system that with high confidence indicates a computer intrusion. Typical IOCs are virus signatures and IP addresses, MD5 hashes of malware files … Continue reading
Posted in ICT, ICT Standards, Security Incidents and Cases, Security Standardization and Practises, Security Threats
Comments Off on Indicators of Compromise, OpenIOC and CyBOX