Tag Archives: cyber-security

Monthly Round Up for the month of May 2024

Nissan data breach exposed Social Security numbers of thousands of employees Nissan suffered a data breach last November in a ransomware attack that exposed the Social Security numbers of thousands of former and current employees, the Japanese automaker said 15th May.  Nissan’s U.S.-based subsidiary, Nissan North America, detailed the cyberattack in a May 15 letter toContinue reading “Monthly Round Up for the month of May 2024”

A.8 Technological Controls (34 Controls)

A.8.1 User end point devices Information stored on, processed by or accessible via user end point devices shall be protected. A.8.2 Privileged access rights The allocation and use of privileged access rights shall be restricted and managed. A.8.3 Information access restriction Access to information and other associated assets shall be restricted in accordance with theContinue reading “A.8 Technological Controls (34 Controls)”

A.7 Physical Controls (14 Controls)

A.7.1 Physical security perimeters Security perimeters shall be defined and used to protect areas that contain information and other associated assets. A.7.2 Physical entry Secure areas shall be protected by appropriate entry controls and access points. A.7.3 Securing offices, rooms and facilities Physical security for offices, rooms and facilities shall be designed and implemented. A.7.4Continue reading “A.7 Physical Controls (14 Controls)”

A.5 Organizational Controls (37 Controls)

A.5.1 Policies for information security Information security policy and topic-specific policies shall be defined, approved by management, published, communicated to and acknowledged by relevant personnel and relevant interested parties, and reviewed at planned intervals and if significant changes occur. A.5.2 Information security roles and responsibilities Information security roles and responsibilities shall be defined and allocatedContinue reading “A.5 Organizational Controls (37 Controls)”

Monthly Round Up for the month of April 2024

Boat Data Breach Exposes Personal Information of Over 7.5 Million Users Amit Gupta-led startup Boat has reportedly witnessed a major data breach incident. The private details of over 7.5 million customers have made their way onto the dark web. This includes sensitive information like names, addresses, phone numbers, email addresses, and customer IDs. As perContinue reading “Monthly Round Up for the month of April 2024”

Threat, Risk and Vulnerability

Threat: A potential cause of an unwanted Incident, which may result in harm to a System or OrganizationVulnerability: A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats.Risk: A combination of the probability of an Event and its Consequence Risk Assessment is the total sumContinue reading “Threat, Risk and Vulnerability”

What is ISMS,CIA Triad

Information Security Management System (ISMS) Information Security Management System (ISMS) is a management system made of multiple interacting components. What is information? As per ISO/IEC 27000:“Information (knowledge or data) is an asset which, like other important business assets is of value to an organization and consequently needs to be suitably protected”. Information can be: InformationContinue reading “What is ISMS,CIA Triad”