Whether we like it or not, crime is becoming more and more sophisticated, and criminals tend to be a step or two ahead of both individuals and large multinational corporations. Criminal activity has moved on from running into a bank with a sawn-off shotgun and demanding the safe be emptied. Indeed, in the modern world you’re more likely to get away with a bounty by hacking into a business’s computer system for employee or company information and attempting a fraudulent scheme with it.
After answering the question “What is ISO 27001?”, you might want to know more about ISO 27001 controls and objectives. These are listed in Annex A of the standard, where you can find 133 controls and 39 control objectives. For those of you who don’t know, a control is a measure to deal with an unwanted event. For example, let’s say the organisation has very sensitive information on a salesman’s laptop. They consider the risk of a data breach unacceptable, so they implement cryptographic controls. This will ensure that if a memory medium is lost (e.g. the notebook’s hard drive), at least it has a layer of protection and they won’t
What is ISO 27001?

ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements (commonly known as ISO 27001) is a set of best practices that defines a certifiable information security management system (ISMS). The framework establishes the general principles to initiate, implement, maintain and continually improve an ISMS within the organisation. Compliance with ISO 27001 will assure the organisation that it addresses issues in a holistic manner. More importantly, it will assure its clients and partners that information security is regarded as an important subject.