Monthly Round Up for the month of December 2024

Deloitte UK Reportedly Cyberattacked for 1 TB of Sensitive Data by Ransomware Group
The Brain Cipher Ransomware group has reportedly claimed responsibility for a cyberattack on Deloitte UK. They allege that they have exfiltrated over 1 terabyte of data. This breach, if confirmed, could have serious implications for Deloitte’s clients and its professional reputation. However,

Monthly Round Up for the month of November 2024

Insurance Administrator Landmark Admin Ransomware Data Breach Impacted Over 800,000 People
Landmark Admin, a third-party insurance administrator, has confirmed a data breach. The May 2024 ransomware attack affected nearly one million customers. “The forensic investigation determined that data was encrypted and infiltrated from Landmark’s system,” the company said.

Canada faces a cybersecurity crisis with critical

Monthly Round Up for the month of July 2024

AT&T cyber attack
A massive cyberattack on AT&T allowed hackers to steal millions of customer records. Consequently, AT&T revealed that nearly all of its wireless customers’ call and text records were exposed. Furthermore, the hackers accessed customer data stored on a third-party cloud platform.

Patient reports used as paper plates at Mumbai hospital
A video

Information Security Clauses for business contracts and agreements

In line with ISO 27001 and NIST.

General Clauses
Confidentiality and Data Protection:
a. The Vendor shall treat all data and information provided by [Company Name], including but not limited to personal data, intellectual property, and confidential business information, as strictly confidential and shall not disclose, share, or use such data and information for any

WiFi Security

WiFi is an acronym for ‘Wireless Fidelity’, one of the methods by which a computer or device may connect to the internet without the use of wires. It is a technique of communication between devices such as routers, computers, tablets, smartphones and other related hardware, and it makes use of radio frequencies.

Security Risks and WiFi Threats

Phases of Audit

Below is the diagram to demonstrate the steps involved in an audit:

The following documents can be used as reference: Audit Checklist, Audit Plan, Sample Policy Format, Audit Report Template, Risk Register, Statement of Applicability (SOA).

The Audit (ISO 19011)

What is an Audit?
Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. Auditing means asking the auditee what he does, and checking to see if he does it.

Types of Audit
Actors in audit
Auditing Principles

Monthly Round Up for the month of May 2024

Nissan data breach exposed Social Security numbers of thousands of employees
Nissan suffered a data breach last November in a ransomware attack that exposed the Social Security numbers of thousands of former and current employees, the Japanese automaker said on 15th May. Nissan’s U.S.-based subsidiary, Nissan North America, detailed the cyberattack in a May 15 letter to

A.8 Technological Controls (34 Controls)

A.8.1 User end point devices
Information stored on, processed by or accessible via user end point devices shall be protected.

A.8.2 Privileged access rights
The allocation and use of privileged access rights shall be restricted and managed.

A.8.3 Information access restriction
Access to information and other associated assets shall be restricted in accordance with the