Tag Archives: technology

Monthly Round Up for the month of August 2024

ADT confirms data breach after customer info leaked on hacking forum ADT, a leading American company in building security, has confirmed a data breach incident. The breach involved threat actors who allegedly leaked customer information on a well-known hacking forum. ADT, a publicly traded company, focuses on providing security and smart home solutions to bothContinue reading “Monthly Round Up for the month of August 2024”

Monthly Round Up for the month of June 2024

Synnovis Cyber Attack: A ransomware attack on Synnovis, a pathology laboratory in the UK, severely impacted NHS services in South East London. This attack led to the postponement of over 800 elective procedures and 700 outpatient appointments between June 3 and June 9, 2024. The recovery process is ongoing, and NHS England is working withContinue reading “Monthly Round Up for the month of June 2024”

Information Security Clauses for business contracts and agreements

In line with ISO 27001 and NIST. General Clauses Confidentiality and Data Protection: a. The Vendor shall treat all data and information provided by [Company Name], including but not limited to personal data, intellectual property, and confidential business information, as strictly confidential and shall not disclose, share, or use such data and information for anyContinue reading “Information Security Clauses for business contracts and agreements”

WiFi Security

WiFi is an acronym for ‘Wireless Fidelity’ which is one of methods by which computer/device may connect to the internet with out the use of wires. This is a technique of communication between the devices like routers, Computers, tablets, smartphones and other related hardware it makes use of radio frequencies. Security Risks and WiFi ThreatsContinue reading “WiFi Security”

Monthly Round Up for the month of May 2024

Nissan data breach exposed Social Security numbers of thousands of employees Nissan suffered a data breach last November in a ransomware attack that exposed the Social Security numbers of thousands of former and current employees, the Japanese automaker said 15th May.  Nissan’s U.S.-based subsidiary, Nissan North America, detailed the cyberattack in a May 15 letter toContinue reading “Monthly Round Up for the month of May 2024”

A.8 Technological Controls (34 Controls)

A.8.1 User end point devices Information stored on, processed by or accessible via user end point devices shall be protected. A.8.2 Privileged access rights The allocation and use of privileged access rights shall be restricted and managed. A.8.3 Information access restriction Access to information and other associated assets shall be restricted in accordance with theContinue reading “A.8 Technological Controls (34 Controls)”

A.7 Physical Controls (14 Controls)

A.7.1 Physical security perimeters Security perimeters shall be defined and used to protect areas that contain information and other associated assets. A.7.2 Physical entry Secure areas shall be protected by appropriate entry controls and access points. A.7.3 Securing offices, rooms and facilities Physical security for offices, rooms and facilities shall be designed and implemented. A.7.4Continue reading “A.7 Physical Controls (14 Controls)”

A.6 People Controls (8 Controls)

A.6.1 Screening Background verification checks on all candidates to become personnel shall be carried out prior to joining the organization and on an ongoing basis taking into consideration applicable laws, regulations and ethics and be proportional to the business requirements, the classification of the information to be accessed and the perceived risks. A.6.2 Terms andContinue reading “A.6 People Controls (8 Controls)”

A.5 Organizational Controls (37 Controls)

A.5.1 Policies for information security Information security policy and topic-specific policies shall be defined, approved by management, published, communicated to and acknowledged by relevant personnel and relevant interested parties, and reviewed at planned intervals and if significant changes occur. A.5.2 Information security roles and responsibilities Information security roles and responsibilities shall be defined and allocatedContinue reading “A.5 Organizational Controls (37 Controls)”