ISO27001 – Control 5.7 – Threat Intelligence

By |2024-04-26T17:58:33+01:00April 26th, 2024|Cyber Security, Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.7 - Threat Intelligence Control Information relating to information security threats should be collected and analysed to produce threat intelligence. What this means Organizations should gather and analyze information about security threats to understand the risks they face. This "threat intelligence" can help them take appropriate actions to prevent attacks or reduce the impact of an attack. Threat intelligence has three levels: Strategic - High-level information about the overall landscape of threats and attackers Tactical - Details on the methods, tools, and technologies [...]

Read More
 0

ISO27001 – Control 5.6 – Contact with Special Interest Groups

By |2024-04-11T14:58:45+01:00April 15th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.6 - Contact with Special Interest Groups Control The organization shall establish and maintain contact with special interest groups or other specialist security forums and professional associations. What this means As an organization, it's important to establish and maintain contact with special interest groups, security forums, and professional associations related to information security. Why is this important? The goal is to ensure there is an appropriate flow of information when it comes to information security. How can you do this? Here are some [...]

Read More
 0

ISO27001 – Control 5.4 – Management Responsibilities

By |2024-03-11T12:09:45+00:00March 12th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.4 - Management Responsibilities Control Management should require all personnel to apply information security in accordance with the established information security policy, topic-specific policies and procedures of the organisation. What this means   For an organisation to effectively protect its information assets, it's not enough to just have security policies and procedures in place. The employees and personnel who handle that information daily need to be aware of the policies and diligent about following them. But ensuring this level of security awareness and [...]

Read More
 0

ISO27001 – Control 5.3 – Segregation of Duties

By |2024-03-05T11:27:19+00:00March 5th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.3 - Segregation of Duties Control Conflicting duties and conflicting areas of responsibility should be segregated. What this means The purpose of this control is to ensure appropriate segregation of duties is in place to reduce the risks of fraudulent activities, human errors, and intentional bypassing of security controls that could compromise an organisation's information assets. In any organisation, there are certain roles and responsibilities that should never be combined under a single individual. This is because concentrating too many roles or privileges [...]

Read More
 0

Bring Your Own Device (BYOD) – The risks and rewards

By |2024-02-23T09:48:44+00:00January 23rd, 2024|Cyber Security, Information Security|

Bring Your Own Device (BYOD) is a popular policy where employees use personal devices for work. This typically means using personal smartphones or laptops to access company systems and data. While convenient, BYOD introduces cybersecurity risks that organisations must address. Failure to secure personal devices puts sensitive company information at risk. When employees access internal systems on insecure devices outside the corporate network, businesses lose control of that data. Without proper BYOD policies and controls, unauthorised users could access sensitive information if a device is lost, [...]

Read More
 0

© Copyright | All Rights Reserved | Audit & Risk Professionals Llp | Registered in England and Wales, Company Number: OC393687. Registered Address: 2 Masefield Ave, Borehamwood, HERTS, WD6 2HQ | Privacy Policy |

Go to Top