information security Archives - Page 3 of 3

Embracing Least Privilege for Stronger Information Security

By admin|2024-03-29T12:00:15+00:00April 1st, 2024|Cyber Security, ISO 27001 Controls|

Embracing Least Privilege for Stronger Information Security The principle of least privilege is a fundamental concept in information security that aims to restrict user access rights to only what is essential for performing their job role. By granting users the minimum level of access necessary, organisations can significantly reduce the risk of accidental or intentional misuse of sensitive data and systems. Least Privilege requires software and folders to be managed in a way that each user's access can be restricted to that information that they need [...]

0

Can I use a consultant in a different country to help us achieve ISO27001 certification?

By admin|2024-03-14T14:28:35+00:00March 18th, 2024|ISO27001 Implementation|

Can I use a consultant in a different country to help us achieve ISO27001 Certification? We are frequently asked this question, particularly by companies from the United States who want to work with us. In today's business landscape, information security knows no borders. As organisations increasingly operate across multiple regions and engage in cross-border transactions, the need for a standard approach to information security has never been more critical. That's where ISO 27001 comes in. It's an international standard that gives a proven framework for information [...]

0

ISO27001 – Control 5.4 – Management Responsibilities

By admin|2024-03-11T12:09:45+00:00March 12th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.4 - Management Responsibilities Control Management should require all personnel to apply information security in accordance with the established information security policy, topic-specific policies and procedures of the organisation. What this means For an organisation to effectively protect its information assets, it's not enough to just have security policies and procedures in place. The employees and personnel who handle that information daily need to be aware of the policies and diligent about following them. But ensuring this level of security awareness and [...]

0

ISO27001 – Control 5.3 – Segregation of Duties

By admin|2024-03-05T11:27:19+00:00March 5th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.3 - Segregation of Duties Control Conflicting duties and conflicting areas of responsibility should be segregated. What this means The purpose of this control is to ensure appropriate segregation of duties is in place to reduce the risks of fraudulent activities, human errors, and intentional bypassing of security controls that could compromise an organisation's information assets. In any organisation, there are certain roles and responsibilities that should never be combined under a single individual. This is because concentrating too many roles or privileges [...]

0

Bring Your Own Device (BYOD) – The risks and rewards

By admin|2024-02-23T09:48:44+00:00January 23rd, 2024|Cyber Security, Information Security|

Bring Your Own Device (BYOD) is a popular policy where employees use personal devices for work. This typically means using personal smartphones or laptops to access company systems and data. While convenient, BYOD introduces cybersecurity risks that organisations must address. Failure to secure personal devices puts sensitive company information at risk. When employees access internal systems on insecure devices outside the corporate network, businesses lose control of that data. Without proper BYOD policies and controls, unauthorised users could access sensitive information if a device is lost, [...]

0

Is ISO27001 better than ISO9001?

By admin|2024-02-23T10:00:27+00:00November 15th, 2023|ISO27001 Certification, ISO27001 Implementation, ISO9001|

Is ISO27001 better than ISO9001? ISO 27001 and ISO 9001 are two of the most widely used ISO management standards globally. But what exactly do they focus on and how do they differ? Here we will explain the unique objectives and scopes of ISO 27001 and ISO 9001 to help you understand which standard is most relevant for your organisation. ISO 27001 - Information Security Management ISO 27001 is specifically focused on information security. It has requirements for establishing, implementing, maintaining and continually improving an Information [...]

0

Who needs to be ISO27001 certified?

By admin|2024-02-23T13:03:20+00:00November 12th, 2023|ISO27001 Certification, ISO27001 Implementation|

ISO 27001 is an internationally recognised standard for information security management systems (ISMS). It provides a framework for organisations to manage their information security risks and protect sensitive data. Many companies are now seeking ISO 27001 certification to demonstrate their commitment to security and gain a competitive edge. Companies which are handling lots of personal information or confidential business information on behalf of their clients can demonstrate good security practices by obtaining ISO 27001 certification. This would include companies such as those working in market research, [...]

0

What is ISO27001 in the UK?

By admin|2024-02-23T13:12:18+00:00November 9th, 2023|ISO27001 Implementation|

What is ISO27001 in the UK? ISO27001 is the international standard (ISO) for Information Security Management Systems (ISMS). ISO 27001 has become one of the most widely adopted international standards for managing information security. It outlines the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). An Information Security Management System does what is says on the tin. It is designed to protect business information and ensure the Confidentiality, Integrity and Availability of business information. Confidentiality, Integrity and Availability are the [...]

0