More results...
Having put it off for far too long, I’m belatedly trying to catch up with some standards work in the area of Root of Trust, which for me meant starting with the basics, studying simple introductory articles about RoT.As far as I can tell so far, RoT i…
Following its exit from the EU, the UK is having to pick up on various important matters that were previously covered by EU laws and regulations. One such issue is to be addressed through a new law on online safety.”Online safety: what’s that?” I hear …
Compliance is a concern that pops up repeatedly on the ISO27k Forum, just this morning for instance. Intrigued by ISO 27001 Annex A control A.18.1.1 “Identification of applicable legislation and contractual requirements”, members generally ask wh…
News emerged during June of likely further delays to the publication of the third edition of ISO/IEC 27001, this time due to the need to re-align the main body clauses with ISO’s revised management systems template (specfically, the 2022 edition of the…
Inspired by an exchange on the ISO27k Forum yesterday morning, I wrote and published a simple 2-page exemptions policy template for SecAware. In essence, after explaining what ‘exemptions’ are, the policy requires that they are authorised after du…
Although the
organisational/business context is clearly relevant and important to information risk and
security management, it is tricky to describe. In my opinion, clause 4 of ISO/IEC 27001 is so succinct that it leaves readers perplexed as to …
For some curious reason, the Statement of Applicability steals the limelight in the ISO27k world, despite being little more than a formality. Having recently blogged about the dreaded SoA, ’nuff said on that.Today I’m picking up on the SoA’s shy …
Thinking about the principles underpinning information risk and security, here’s a tidy little stack of 44 “Hinson tips” – one-liners to set the old brain cells working this chilly mid-Winter morning:Address information confidentiality, integrity and a…
The SecAware corporate information security policy template incorporates a set of generic principles for information risk and security such as “Our Information Security Management System
conforms to generally accepted good security practices as descri…
Optimism bias is the belief that each of us is more likely to experience good outcomes and less likely to experience bad outcomes. How prevalent is this in the cybersecurity industry? If you’re a salty security professional like me, you already know the answer.