Steps to implement ISO 27001
Context Setting
What activities you should follow:
These activities should deliver the following:
The below templates can be used for documentation purposes:
Risk Assessment
Threats, Vulnerabilities & Risks
Threat: A potential cause of an unwanted incident, which may result in harm to a system or organization.
Vulnerability: A vulnerability is … Continue reading “Implementing ISO 27001: A Step-by-Step Guide”
Author Archives: Aayush Goel
Understanding ISMS: Scope and Key Clauses Explained
Scope and Applicability
The standard is applicable to all organisations, whether commercial, government or non-profit. It specifies the requirements for the following:
PDCA Cycle
Clauses: Clause 4: Context of the organization; Clause 5: Leadership; Clause 6: Planning; Clause 7: Support; Clause 8: Operation; Clause 9: Performance evaluation; Clause 10: Improvement
AWS Security – Part 1- Securing Root Account with MFA
Task: Create an AWS account and set it up for the tasks below.
Why this matters: Securing the AWS root account is crucial because it has unrestricted access to every resource and service in your AWS environment. If it is compromised, an attacker could delete resources, steal data, or even lock you out of your own … Continue reading “AWS Security – Part 1- Securing Root Account with MFA”
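As an added example (not code from the original post), the check a practitioner would want after doing the task above: part 1 grades the SummaryMap that `aws iam get-account-summary` (boto3: `iam.get_account_summary()["SummaryMap"]`) returns, so "is root MFA on, and are there root access keys?" is answered from the account's own counters rather than a glance at the console; part 2 scans CloudTrail records for root console sign-ins that happened without MFA. The field names are the real GetAccountSummary and CloudTrail keys; the summary dicts and trail records below are constructed sample data, not from a real account.

```python
"""Root-account hardening checks: posture from GetAccountSummary, and
detection of root console logins without MFA from CloudTrail records.

Added example, not from the original post. All sample data is constructed.
"""
from __future__ import annotations

import json


# --- Part 1: account posture ---------------------------------------------

def assess_root_account(summary_map: dict) -> list[str]:
    """Return a list of findings; an empty list means the root user looks healthy.

    Keys are the real SummaryMap keys of iam:GetAccountSummary. A missing key
    is treated as 0, which is what the API reports when the condition is false.
    """
    findings = []
    if summary_map.get("AccountMFAEnabled", 0) != 1:
        findings.append("root user has no MFA device enabled")
    if summary_map.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root user still has long-lived access keys; delete them")
    if summary_map.get("AccountSigningCertificatesPresent", 0) != 0:
        findings.append("root user has X.509 signing certificates; remove them")
    return findings


# --- Part 2: detection of root usage -------------------------------------

def root_logins_without_mfa(records: list[dict]) -> list[dict]:
    """Filter CloudTrail records to root ConsoleLogin events where MFA was not used.

    CloudTrail marks root activity with userIdentity.type == "Root" and reports
    MFA for console sign-ins in additionalEventData.MFAUsed ("Yes" / "No").
    """
    hits = []
    for rec in records:
        if rec.get("eventName") != "ConsoleLogin":
            continue
        if rec.get("userIdentity", {}).get("type") != "Root":
            continue
        if rec.get("additionalEventData", {}).get("MFAUsed") == "Yes":
            continue
        hits.append({
            "time": rec.get("eventTime"),
            "ip": rec.get("sourceIPAddress"),
            "outcome": rec.get("responseElements", {}).get("ConsoleLogin"),
        })
    return hits


# Constructed sample data (not a real account). Account ID and IPs are placeholders.
SAMPLE_SUMMARY_WEAK = {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1, "Users": 3}
SAMPLE_SUMMARY_HARDENED = {
    "AccountMFAEnabled": 1,
    "AccountAccessKeysPresent": 0,
    "AccountSigningCertificatesPresent": 0,
}

SAMPLE_TRAIL = [
    {"eventTime": "2025-02-10T08:12:44Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "accountId": "123456789012"},
     "sourceIPAddress": "198.51.100.23",
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2025-02-10T09:01:02Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "accountId": "123456789012"},
     "sourceIPAddress": "203.0.113.7",
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2025-02-10T09:15:30Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.7",
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2025-02-10T10:00:00Z", "eventName": "ListBuckets",
     "userIdentity": {"type": "Root"}, "sourceIPAddress": "198.51.100.23"},
]


if __name__ == "__main__":
    for name, summary in (("weak", SAMPLE_SUMMARY_WEAK), ("hardened", SAMPLE_SUMMARY_HARDENED)):
        print(name, assess_root_account(summary) or ["OK"])
    print(json.dumps(root_logins_without_mfa(SAMPLE_TRAIL), indent=2))
```

To run part 1 against a real account, pipe `aws iam get-account-summary --query SummaryMap` into `assess_root_account`; the same condition is what the AWS Config managed rule `root-account-mfa-enabled` evaluates continuously. Part 2 deliberately ignores non-console root API calls (the `ListBuckets` record) and IAM-user logins; in practice any root sign-in, MFA or not, is rare enough to merit its own alert, and this filter only isolates the worst case.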
Audit Conclusions
Objectives of Audit Conclusions
Preparing Audit Conclusions (ISO 19011, clause 6.4.9)
Before the closing meeting, the audit team confers to:
Discussing Audit Conclusions with the Auditee
It is important to discuss the audit findings and conclusions with management before the closing meeting and before submitting the final report, in order to:
Closing Meeting Agenda Model
Preparing … Continue reading “Audit Conclusions”
Beyond the Initial Audit
Objective of Beyond the Initial Audit
Surveillance Activities
Surveillance activities can also include:
Surveillance Audits
Re-certification Audit
Certification Special Cases
Use of ISO Trademarks
Stage 2 audit
Objectives of Stage 2 Audit
Step 1: Conducting the opening meeting (ISO 19011, clause 6.4.3)
The purpose of the opening meeting is to:
Step 2: Collecting information
Information can be collected in the form of: … and many more.
Audit Procedure – Interview
Ask employees and other interested persons (third parties) questions (verbal or written) to gather … Continue reading “Stage 2 audit”
Stage 1 Audit
Objectives of the Stage 1 Audit
Stage 1 Audit Steps
Site Visit
Activities To Be Carried Out
Document Review
The main objectives of the document audit are:
• General understanding of the operation of the management system
• Evaluation of the design of the management system as well as the related processes and controls
• … Continue reading “Stage 1 Audit”
Cybersecurity Breaches: Recent High-Profile Cases in the month of February 2025
OpenAI Data Breach – Threat Actor Allegedly Claims 20 Million Logins for Sale
Threat actors on dark web forums claim to have stolen and leaked 20 million OpenAI user login credentials, which, if true, would make OpenAI the latest high-profile target of a significant data breach. The alleged breach has raised serious concerns among tech users and cybersecurity … Continue reading “Cybersecurity Breaches: Recent High-Profile Cases in the month of February 2025”
DevSecOps – Secure Software Development
TryHackMe’s DevSecOps Learning Path focuses on securing pipelines and introducing Infrastructure as Code (IaC) and containerisation security techniques. You’ll learn the tools and practices to ensure robust development processes and secure software deployment workflows. From fortifying pipelines to automating infrastructure management, you will gain practical insights into modern DevSecOps methodologies.
Secure Software Development Lab: Introduction … Continue reading “DevSecOps – Secure Software Development”
Phase 1 – Initiating the audit
Appointing the Audit Team Leader
Validation of the Audit Objectives
In an ISO 27001 certification audit, the main audit objectives are to confirm that:
Validation of the Audit Scope
The audit scope describes the range and limits of the audit; for example, the locations, the organizational units, the activities and the processes to be audited … Continue reading “Phase 1 – Initiating the audit”
