Scope and Applicability It is applicable to all organisations whether commercial, government or Non profit. It covers and specify the requirements for the following: PDCA Cycle Clauses: Clause 4: Context of Organization Clause 5: Leadership Clause 6: Planning Clause 7: Support Clause 8: Operation Clause 9: Performance evaluation Clause 10: Improvement
Tag Archives: informationsecurity
AWS Security – Part 1- Securing Root Account with MFA
Task: Create AWS account and set up for below tasks What is the need to perform this: Securing an AWS root account is crucial because it has unrestricted access to all resources and services within your AWS environment. If compromised, an attacker could delete resources, steal data, or even lock you out of your ownContinue reading “AWS Security – Part 1- Securing Root Account with MFA”
Audit Conclusions
Objectives of Audit Conclusions Preparing Audit Conclusions ISO 19011, clause 6.4.9 Before the closing meeting, the auditors meeting consult each other to: Discussing Audit Conclusions with the Auditee It is important to discuss audit findings and conclusions with the management before the closing meeting and submitting the final report to: Closing Meeting Agenda Model PreparingContinue reading “Audit Conclusions”
Beyond the Initial Audit
Objective of beyond the Initial Audit Surveillance Activities Surveillance activities can also include: Surveillance Audits Re-certification Audit Certification Special cases Use of ISO Trade marks
Stage 2 audit
Objectives of Stage 2 Audit Step 1 Conducting the opening meeting ISO 19011, Clause 6.4.3 The purpose of the opening is to: Step 2 Collecting Information Information can be collected in the form of: and many more… Audit Procedure – Interview Ask employees and other interested persons (third parties) questions (verbal or written) to gatherContinue reading “Stage 2 audit”
Stage 1 Audit
Objectives of the Stage 1 Audit Stage 1 Audit steps Site Visit Activities To be Carried Out Document review The main objectives of the document audit are: • General understanding of the operation of the management system • Evaluation of the design of the management system as well as the related processes and controls •Continue reading “Stage 1 Audit”
Cybersecurity Breaches: Recent High-Profile Cases in the month of February 2025
OpenAI Data Breach – Threat Actor Allegedly Claims 20 Million Logins for Sale Threat actors from dark web forums claim to have stolen and leaked 20 million OpenAI user login credentials, potentially making OpenAI the latest high-profile target of a significant data breach. This alleged breach has raised serious concerns among tech users and cybersecurityContinue reading “Cybersecurity Breaches: Recent High-Profile Cases in the month of February 2025”
DevSecOps – Secure Software Development
TryHackMe’s DevSecOps Learning Path focuses on securing pipelines and introducing Infrastructure as Code (IaC) and Containerisation security techniques. You’ll learn the tools and practices to ensure robust development processes and secure software deployment workflows. From fortifying pipelines to automating infrastructure management, you will gain practical insights into modern DevSecOps methodologies. Secure Software Development Lab: IntroductionContinue reading “DevSecOps – Secure Software Development”
Phase 1 – Initiating the audit
Appointing the Audit Team Leader Validation of the Audit Objectives In an ISO 27001 certification audit, the main audit objectives are to confirm that: Validation of the Audit scope The audit scope describes the range and limits of he audit; for example, the locations, the organizational units, the activities and the process to be auditedContinue reading “Phase 1 – Initiating the audit”
Cybersecurity Breaches: Recent High-Profile Cases in the month of January 2025
Ransomware attack on New York Blood Center forces workarounds, drive cancellations One of the largest independent blood centers serving over 75 million people across the U.S. has been hit by a ransomware attack, forcing officials to reschedule blood drives and implement workarounds. New York Blood Center Enterprises said its team discovered suspicious activity affecting theContinue reading “Cybersecurity Breaches: Recent High-Profile Cases in the month of January 2025”
