Tag Archives: informationsecurity

A.6 People Controls (8 Controls)

A.6.1 Screening Background verification checks on all candidates to become personnel shall be carried out prior to joining the organization and on an ongoing basis taking into consideration applicable laws, regulations and ethics and be proportional to the business requirements, the classification of the information to be accessed and the perceived risks. A.6.2 Terms andContinue reading “A.6 People Controls (8 Controls)”

A.5 Organizational Controls (37 Controls)

A.5.1 Policies for information security Information security policy and topic-specific policies shall be defined, approved by management, published, communicated to and acknowledged by relevant personnel and relevant interested parties, and reviewed at planned intervals and if significant changes occur. A.5.2 Information security roles and responsibilities Information security roles and responsibilities shall be defined and allocatedContinue reading “A.5 Organizational Controls (37 Controls)”

Monthly Round Up for the month of April 2024

Boat Data Breach Exposes Personal Information of Over 7.5 Million Users Amit Gupta-led startup Boat has reportedly witnessed a major data breach incident. The private details of over 7.5 million customers have made their way onto the dark web. This includes sensitive information like names, addresses, phone numbers, email addresses, and customer IDs. As perContinue reading “Monthly Round Up for the month of April 2024”

Lab 2:  Network Security Groups and Application Security Groups

Objective You have been asked to implement your organization’s virtual networking infrastructure and test to ensure it is working correctly. In particular: Exercise 1: Create the virtual networking infrastructure Step 1: Type Virtual networks and press the Enter key and click + Create. Step 2: Fill in the details On the IP addresses tab ofContinue reading “Lab 2:  Network Security Groups and Application Security Groups”

PDCA and Clauses

Plan(P) Do(D) Check(C) Act(A) ISO/IEC 27001:2022: Clause 4 of 10 Clause 4: Context of Organization ISO/IEC 27001:2022: Clause 5 of 10 Clause 5: Leadership ISO/IEC 27001:2022: Clause 6 of 10 Clause 6: Planning ISO/IEC 27001:2022: Clause 7 of 10 Clause 7: Support ISO/IEC 27001:2022: Clause 8 of 10 Clause 8: Operation ISO/IEC 27001:2022: Clause 9Continue reading “PDCA and Clauses”

Threat, Risk and Vulnerability

Threat: A potential cause of an unwanted Incident, which may result in harm to a System or OrganizationVulnerability: A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats.Risk: A combination of the probability of an Event and its Consequence Risk Assessment is the total sumContinue reading “Threat, Risk and Vulnerability”

What is ISMS,CIA Triad

Information Security Management System (ISMS) Information Security Management System (ISMS) is a management system made of multiple interacting components. What is information? As per ISO/IEC 27000:“Information (knowledge or data) is an asset which, like other important business assets is of value to an organization and consequently needs to be suitably protected”. Information can be: InformationContinue reading “What is ISMS,CIA Triad”

Lab 1: Role Based Access Control

Objective You have been asked to create a proof of concept showing how Azure users and groups are created. Also, how role-based access control is used to assign roles to groups. Specifically, you need to: Step 1: Login to the portal Step 2: Go to Microsoft Entra ID and click on add user Step 3:Continue reading “Lab 1: Role Based Access Control”

Near Field Communication (NFC)

Near Field Communication, or NFC, is a short-range wireless communication technology that enables devices to interact with each other within a close proximity, typically within a few centimeters. It operates at a frequency of 13.56 MHz and can be used for various applications, such as contactless payment systems, secure access control, and data sharing between devicesContinue reading “Near Field Communication (NFC)”