ISO 27002

Most Commonly Overlooked Components of Operational Security

I was recently asked to comment on the most commonly overlooked components of operational security. To get the correct answer, sometimes it helps to take a step back and make sure you are asking the right question. The question should be “How do you ensure that your security program satisfies your operational security requirements?” With that question, […]

By |September 5th, 2017|Blog, ISO 27002|Comments Off on Most Commonly Overlooked Components of Operational Security

What Comes First, the 27001 or the 27002 ISO Standards?

There is something quirky about the 27000 series of standards published by the International Organization for Standardization (ISO).

Perhaps it is presented deliberately this way as a lesson in due diligence. Perhaps it is just a random error. But the standards are in the wrong numerical order. Judging from our interactions with company IT organizations, this […]

By |June 8th, 2017|Blog, ISO 27002|Comments Off on What Comes First, the 27001 or the 27002 ISO Standards?

Network Access Control (NAC)

Controlling access to the network is a fundamental security control. For shared networks, the capability of users to connect to the network should be restricted. Well-known security frameworks such as ISO 27002, Information technology – Security techniques – Code of practice for information security management, include this control as a recommendation. And the […]

By |April 11th, 2017|Blog, ISO 27002, Uncategorized|Comments Off on Network Access Control (NAC)

9 common enterprise cybersecurity myths

Joe Stangarone, writer, MRC's Cup of Joe Blog, August 4, 2015

Summary: Cyberattacks are more sophisticated and frequent than ever. The costs to recover from a data breach are now higher than ever. Yet, many companies remain unprepared for an attack. Why? In many cases, they believe some common cybersecurity myths, which can put their data (and their customer’s […]

By |August 4th, 2015|ISO 27002, News & Events, Uncategorized|Comments Off on 9 common enterprise cybersecurity myths
Device Settings that Help Prevent Unauthorized Information Disclosure

Following up on my recent post (“Always-on access, brings always threatening security risks”) I’d like to continue the conversation and discuss other device settings that help prevent unauthorized information disclosure.

Many organizations overlook the risks posed by Bluetooth. The security of Bluetooth has been slowly increasing over the years. When it first appeared many devices had a hardcoded PIN of […]

By |July 13th, 2015|Blog, BYOD, ISO 27002|Comments Off on Device Settings that Help Prevent Unauthorized Information Disclosure

Always-on Access Brings Always-Threatening Security Risks

Always-on access to work for employees comes with always-threatening security risks

One of the controls that appears in ISO 27002, titled Information technology – Security techniques – Code of practice for information security management, suggests that limiting the period during which connections to computer services are allowed reduces the window of opportunity for unauthorized access. However, the current […]

By |June 25th, 2015|Blog, BYOD, ISO 27002|Comments Off on Always-on Access Brings Always-Threatening Security Risks
Key Steps Enterprise IT Can Take to Safeguard its Operations

IT systems pervade enterprises. Systems are increasingly complex; enterprises constantly seek more rapid deployments. And enterprises are increasing the volume and diversity of the data collected and analyzed. All of these factors mean that enterprises cannot rely on a small set of steps to safeguard their operations. Well-established security frameworks such as PCI, HIPAA, ISO 27002 […]

By |May 1st, 2015|Blog, ISO 27002, PCI Compliance, Uncategorized|Comments Off on Key Steps Enterprise IT Can Take to Safeguard its Operations
How Enterprises Can Protect Themselves from a Big Data Breach

In the past year there have been a number of well-publicized large-scale data breaches of large enterprises. Most recently the Sony breach has been dominating the news. There are articles that say in 2007, Sony’s executive director of information security said that he wasn’t willing to put up a lot of money to defend the company’s sensitive […]

By |January 19th, 2015|Blog, ISO 27002|Comments Off on How Enterprises Can Protect Themselves from a Big Data Breach
27 Data Security Experts Reveal The #1 Information Security Issue Most Companies Face With Cloud Computing & Storage

Digital Guardian, November 12, 2014

“What is the number one issue most companies face with cloud computing and data security, and what can they do to address the issue?”

Cloud computing is quickly becoming a mainstay for many technology companies today because of its superior flexibility, accessibility, and capacity compared to traditional online computing and storage methods. […]

By |November 12th, 2014|ISO 27002, News & Events, Uncategorized|Comments Off on 27 Data Security Experts Reveal The #1 Information Security Issue Most Companies Face With Cloud Computing & Storage
#1 Issue Companies Face with Cloud Computing and Data Security

For companies purchasing cloud services, the number one priority should be how to evaluate the risk of using a particular vendor.

Many companies don’t have a solid process for determining how to evaluate a third-party cloud vendor for risks, or how to assess the likelihood of a breach at a third party. Too often, if a company does attempt […]

By |November 6th, 2014|Blog, ISO 27002|Comments Off on #1 Issue Companies Face with Cloud Computing and Data Security

How to Prevent Insider Threats

Samuel Greengard, contributing writer for CIO Insight, October 15, 2014

Insider threats aren’t going away anytime soon. Unfortunately, most businesses say they lack the ability to detect or deter them, nor are they adequately prepared for how to respond.

Over the last few years, especially in the wake of former contractor Edward Snowden’s disclosures about the National Security […]

By |October 17th, 2014|ISO 27002, News & Events, Penetration Testing|Comments Off on How to Prevent Insider Threats

Will security problems kill the cloud as we know it?

The cloud is here to stay. The industry continues to strive for an understanding of the myriad security concerns and to develop methodologies for evaluating the risks. Existing, mature security frameworks continue to provide a strong basis for evaluating the risk, but there are a small number of additional issues that should be evaluated when performing an assessment.

When making a […]

By |August 6th, 2014|Blog, ISO 27002|Comments Off on Will security problems kill the cloud as we know it?