More results...
Control 5.9 in ISO/IEC 27002:2022 recommends an inventory of information assets that should be “accurate, up to date, consistent and aligned with other inventories”. Fair enough, but what are ‘information assets’? What, exactly, are we suppo…
Inspired by an exchange on the ISO27k Forum yesterday morning, I wrote and published a simple 2-page exemptions policy template for SecAware. In essence, after explaining what ‘exemptions’ are, the policy requires that they are authorised after du…
Although the
organisational/business context is clearly relevant and important to information risk and
security management, it is tricky to describe. In my opinion, clause 4 of ISO/IEC 27001 is so succinct that it leaves readers perplexed as to …
The SecAware corporate information security policy template incorporates a set of generic principles for information risk and security such as “Our Information Security Management System
conforms to generally accepted good security practices as descri…
Inspired by an insightful comment on LinkeDin from an SC 27 colleague on the other side of the world (thanks Lars!), I spent most of last week updating the SecAware security policy templates and ISO27k ISMS materials.The main change was to distinguish …
Introduction Online shopping digital payment transactions may seem quite simple, but in reality, just one single transaction sets off multiple, long-chain reactions. The Payment Card Industry comprises debit cards, credit cards, prepaid, e-purse/e-wall…
Data security and privacy compliance and competitiveness are one in the same for law firms.
Data Masking/Tokenization/Anonymization replaces sensitive information with fictitious data while retaining the original data format. The data masking process lets you continue to work with your data as if it were not encrypted. Databa…
The ITAR (International Traffic in Arms Regulations) legislation details what measures businesses and individuals must take to comply with ITAR requirements and specifies severe penalties, both civil and criminal, for non-compliance. The reach…
Countries are establishing data residency regulation to protect private and classified data generated from their citizen by mandating storing this information within that country (the country of origin). The theory is that the laws of the coun…