TABLE OF CONTENTS:
Four Misconceptions About ISO/IEC 27001
The article tries to deconstruct some of the misconceptions about ISO/IEC 27001. This security management standard is said to require the introduction of control activities into normal business and IT operations, which consequently increases the workload and causes operational inefficiencies. To unravel these allegations we will look at four issues, but first we'll start with an opening question: does your organization actually need ISO/IEC 27001?
by Steve G Watkins
The article describes one recognised approach to delivering, or at least moving towards, a situation where 'information security' is aligned to the organisation's objectives: how security measures that balance the confidentiality and availability of information, whilst safeguarding its accuracy and completeness, can be chosen in a manner that aligns them with the organisation's business, legal, regulatory and contractual requirements. What's more, it is an approach that enables an organisation adopting it to have an independent authority provide an endorsement stating that its arrangements are 'fit for purpose'.
Is Now the Time? ISO/IEC 27001 Information Security Management
by Alan Lund
It's a growing world-wide issue: security breaches with loss of sensitive data. The Open Security Foundation tracks both the largest and the latest security vulnerabilities and data breaches across the globe. A recent check showed the largest breaches were 150,000,000 records from Shanghai Roadway on March 17th of this year and 130,000,000 records from Heartland Payment Systems, Tower Federal Credit Union and Beverly National Bank back in January 2009. The most recent breaches, as of today, included 60,000 records from Pizza Hut on November 7th of this year.
ISO 27001 – Security Standard or Necessary Benchmark?
by Jared Carstensen
For many years, organisations have been required to report and communicate their security posture, and their position regarding the security of the assets housing sensitive, confidential or personal information. But how secure are they? What is the mechanism, or benchmark, against which security controls are measured? Is ISO 27001 the one that answers these questions and establishes security and risk credibility for an organisation? It certainly goes some way to doing that, but let's discuss further.
The Weakest Links and Are We Testing Them?
by Alan Cook
When thinking about Information Security, we can sometimes be forgiven for thinking that technology is the answer to all our security problems. Though rarer these days, hardware and software products are still sold as the 'silver bullet' to solve all our security or compliance woes, but it is actually 'People' who are the core operating component of any business, and therefore both a very real threat and a blessing to our infrastructure and its layered Information Security Management System. It is therefore 'people' who are ultimately responsible for the success or failure of security in an organisation, and it is they who need to be considered most within the scope of our security testing.
Integrating ISO/IEC 27001 to Increase Efficiency, Eliminate Redundancy, and Demonstrate Effectiveness
by John DiMaria
Never before have we witnessed such pressure on businesses to protect their customers, employees, and proprietary business information. IT security is becoming increasingly threatened on all sides as businesses struggle to protect this information, including computer data, marketing strategies, tax and personnel records, financial data, communications, and business plans. This white paper discusses an integrated approach to information security and how it can manage the real risks associated with internal security and validity, compliance with regulatory requirements, and e-Discovery, that is, providing a legal proceeding with litigation-ready records. According to an online article from LAW.com, more than 90 percent of new business records are created electronically, and 40 percent of them are never converted to paper.
Information Security Governance
by Robert E. Davis, MBA, CISA, CICA
“The information possessed by an organization is among its most valuable assets and is critical to its success. The Board of Directors, which is ultimately accountable for the organization’s success, is therefore responsible for the protection of its information. The protection of this information can be achieved only through effective management and assured only through effective board oversight.”
Uncovering the Jammers: Learn How They Operate and What to do To Beat Them
by Konstantinos Pelechrinis
The open nature of the wireless channel makes it easy for adversarial users to launch successful denial-of-service attacks. One of the easiest to mount, yet one of the hardest to defend against, is jamming. While any wireless technology can suffer from jamming attacks, in this article we will focus our attention on WiFi (i.e., 802.11) networks. In particular, I will explain the attack threat and the possible ways to mitigate its effects. Readers should be familiar with the basic operation of a WiFi network, even though I will try to provide any necessary information in the article.
The Security Trifecta: IT Security Governance Demystified
by Michael D. Peters
The article is focused on helping you understand the fundamental elements that an IT security governance program should have in place. The author also expands a bit and includes some of the governance supporting functions to help illustrate how IT security governance would be integrated within your corporate IT security department.
Bacteria Foraging Optimization for Fake Website Detection
by Radha Damodaram
The article presents an approach to overcoming the difficulty and complexity of detecting and predicting phishing websites. The existing system is an intelligent, resilient and effective model based on association and classification data mining algorithms. These algorithms were used to characterise and identify all the factors and rules needed to classify a phishing website, and the relationships that correlate those factors with each other; the algorithms were also compared on performance, accuracy, number of rules generated and speed. Even though the rules generated from the associative classification model showed the relationship between some important characteristics, such as URL and Domain Identity and the Security and Encryption criteria, in the final phishing detection rate, there is no optimal solution. Read to learn more!
Prof. Robert E. Davis, MBA, CISA, CICA, Interview
by Aby Rao
How and when I started my career as an information systems auditor was both circumstantial and predestined… learn more about our special guest!