WiFi is an acronym for ‘Wireless Fidelity’ which is one of methods by which computer/device may connect to the internet with out the use of wires. This is a technique of communication between the devices like routers, Computers, tablets, smartphones and other related hardware it makes use of radio frequencies. Security Risks and WiFi ThreatsContinue reading “WiFi Security”
Category Archives: Uncategorized
Phases of Audit
Below is the diagram to demonstrate steps involved in an audit: The following documents can be used as reference: Audit Checklist Audit Plan Sample Policy Format Audit Report Template Risk Register Statement of Applicability (SOA)
The Audit (ISO 19011)
What is an Audit? Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. Auditing means asking the auditee what he does, and checking to see if he does it. Types of Audit Actors in audit Auditing Principles
A.8 Technological Controls (34 Controls)
A.8.1 User end point devices Information stored on, processed by or accessible via user end point devices shall be protected. A.8.2 Privileged access rights The allocation and use of privileged access rights shall be restricted and managed. A.8.3 Information access restriction Access to information and other associated assets shall be restricted in accordance with theContinue reading “A.8 Technological Controls (34 Controls)”
A.7 Physical Controls (14 Controls)
A.7.1 Physical security perimeters Security perimeters shall be defined and used to protect areas that contain information and other associated assets. A.7.2 Physical entry Secure areas shall be protected by appropriate entry controls and access points. A.7.3 Securing offices, rooms and facilities Physical security for offices, rooms and facilities shall be designed and implemented. A.7.4Continue reading “A.7 Physical Controls (14 Controls)”
A.6 People Controls (8 Controls)
A.6.1 Screening Background verification checks on all candidates to become personnel shall be carried out prior to joining the organization and on an ongoing basis taking into consideration applicable laws, regulations and ethics and be proportional to the business requirements, the classification of the information to be accessed and the perceived risks. A.6.2 Terms andContinue reading “A.6 People Controls (8 Controls)”
A.5 Organizational Controls (37 Controls)
A.5.1 Policies for information security Information security policy and topic-specific policies shall be defined, approved by management, published, communicated to and acknowledged by relevant personnel and relevant interested parties, and reviewed at planned intervals and if significant changes occur. A.5.2 Information security roles and responsibilities Information security roles and responsibilities shall be defined and allocatedContinue reading “A.5 Organizational Controls (37 Controls)”
PDCA and Clauses
Plan(P) Do(D) Check(C) Act(A) ISO/IEC 27001:2022: Clause 4 of 10 Clause 4: Context of Organization ISO/IEC 27001:2022: Clause 5 of 10 Clause 5: Leadership ISO/IEC 27001:2022: Clause 6 of 10 Clause 6: Planning ISO/IEC 27001:2022: Clause 7 of 10 Clause 7: Support ISO/IEC 27001:2022: Clause 8 of 10 Clause 8: Operation ISO/IEC 27001:2022: Clause 9Continue reading “PDCA and Clauses”
Threat, Risk and Vulnerability
Threat: A potential cause of an unwanted Incident, which may result in harm to a System or OrganizationVulnerability: A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats.Risk: A combination of the probability of an Event and its Consequence Risk Assessment is the total sumContinue reading “Threat, Risk and Vulnerability”
What is ISMS,CIA Triad
Information Security Management System (ISMS) Information Security Management System (ISMS) is a management system made of multiple interacting components. What is information? As per ISO/IEC 27000:“Information (knowledge or data) is an asset which, like other important business assets is of value to an organization and consequently needs to be suitably protected”. Information can be: InformationContinue reading “What is ISMS,CIA Triad”
