Category Archives: Security Certifications
Survey of ISO certifications, results for 2015
ISO runs surveys of the number of ISO certifications, and they are worth a look 🙂 The table below is taken from the executive summary. There are also Excel files available for each ISO standard that show certifications per … Continue reading
Process reference model (PRM) for ISMS (ISO 27001)
ISO TS 33052:2016 “Process reference model (PRM) for information security management” is an interesting document which can be useful when evaluating the possible ways to implement the information security management system (ISMS) processes (see ISO 27001 ISMS requirements). This Technical … Continue reading
Cyber essentials
The Cyber Essentials scheme is one of the actions under the UK Government policy “Keeping the UK safe in cyber space”. The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement … Continue reading
True Cost of Compliance, by Ponemon & Tripwire
Ponemon Institute has created a report, commissioned by Tripwire, about the cost of compliance. This is good material for any security manager to look at. Ponemon Institute and Tripwire Inc. conducted The True Cost of Compliance research to determine the full … Continue reading
McAfee’s Risk and Compliance Outlook Report
This report produced by McAfee is interesting reading for a view of the risk and compliance challenges within companies. McAfee retained Evalueserve to conduct an independent assessment of the factors organizations that use risk and compliance products face in 2012. This … Continue reading
Verizon’s Payment Card Industry Compliance Report
Verizon’s Payment Card Industry Compliance Report 2011 is available. It is good material to look at if one wishes to have a view of PCI status. This report analyzes findings from actual Payment Card Industry (PCI) Data Security Standard (DSS) assessments … Continue reading
Common Criteria, main links
Wikipedia: Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements, vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products … Continue reading