by Alex Cruden (TTL) | 14 Oct 2022 | Security Risk Compliance
Cyber Smart Week 2022 Overview The world of cyber security is fast-moving and complex. Online threats and scams like phishing, viruses, ransomware, etc. can impact anyone. As the time we’re spending online increases, so do the security risks. CERT NZ is the New Zealand...
by Alex Cruden (TTL) | 15 Mar 2022 | Security Risk Compliance
Final Thoughts Recap We’ve covered a lot of ground since this series of security articles was first posted. Here’s a reminder of the main topics we’ve explored: Information Security Management System and How to Start Framework Focus Organisation Management Asset...
by Alex Cruden (TTL) | 8 Mar 2022 | Security Risk Compliance
BCP and DRP Requirements In business, BCP and DRP are essential to help deal with unexpected situations. This is because such situations can cause interruption or degradation of operational company functions. The best case scenario is that they cause nothing more than a minor...
by Alex Cruden (TTL) | 1 Mar 2022 | Security Risk Compliance
Third Party Relationships Requirements Most companies have relationships with third parties, such as suppliers and service providers, to perform functions that support the core activities of the company. These relationships will generally involve sharing information...
by Alex Cruden (TTL) | 22 Feb 2022 | Security Risk Compliance
Human Resource Management Requirements People play a major role in the implementation of security-driven procedures and processes. It is critical that the management of that organisation’s human resource is aware of obligations in relation to security. Each of the...
by Alex Cruden (TTL) | 15 Feb 2022 | Security Risk Compliance
Software Development Requirements The practice of developing application software can be described as a process that results in a type of computer program that performs a specific function. Generally speaking, each program is designed to assist the end user(s) with a...
by Alex Cruden (TTL) | 8 Feb 2022 | Security Risk Compliance
ICT Operational Management Requirements The operational functions performed by an ICT team are part of a large body of processes and procedures relating to how technology services are delivered to the organisation. Many ICT teams choose to align with a recognised...
by Alex Cruden (TTL) | 1 Feb 2022 | Security Risk Compliance
Use of ICT Systems Requirements A company’s technology asset comprises systems and components used to provide services to the end users of that technology. Typically, this includes a mixture of hardware and software components. For example: back-end servers, storage,...
by Alex Cruden (TTL) | 25 Jan 2022 | Security Risk Compliance
Physical Security Requirements The topic of Physical Security addresses areas of security that relate to physical building access. Additionally, this involves the management of physical assets, as well as working in secure locations and environmental controls/conditions....
by Alex Cruden (TTL) | 18 Jan 2022 | Security Risk Compliance
Access Control Requirements Access control concerns how access to information and systems is managed, distinct from the policies on who has access (see the earlier topic on Information Management). Access to information and application system functions should be...
by Alex Cruden (TTL) | 11 Jan 2022 | Security Risk Compliance
Information Management Requirements Information is the critical asset that is protected by an Information Security Management System. This section of the ISMS will have greatest influence on the measures and the level of detail in policies. It is also the area that is...
by Alex Cruden (TTL) | 4 Jan 2022 | Security Risk Compliance
Asset Management Requirements Technology assets are typically identified and recorded in dedicated inventories as part of the overall ICT documentation set. To be effective, the register(s) should include all aspects of information technology. For example:...
by Alex Cruden (TTL) | 28 Dec 2021 | Security Risk Compliance
Organisation Management Requirements In an ISMS, Organisation Management is concerned with definition of roles and responsibilities for functions of the overall security framework. This is needed for the creation of the ISMS and ongoing management of policies and...
by Alex Cruden (TTL) | 21 Dec 2021 | Security Risk Compliance
Security Framework Focus Concept – The C-I-A Triad When building an ISMS, there is a concept that should be followed to design the measures for protecting information. This concept is known as C-I-A or Confidentiality, Integrity and Availability. The three...
by Alex Cruden (TTL) | 14 Dec 2021 | Security Risk Compliance
Building an ISMS The previous post in this series suggested an Information Security Management System is needed to manage your security effort. So, where to from here? Building an ISMS from scratch can be a monumental challenge, but it doesn’t have to be. It is common...
by Alex Cruden (TTL) | 7 Dec 2021 | Security Risk Compliance
This post introduces a common measure you can take to protect your digital assets and systems: an Information Security Management System, or ISMS. What is an ISMS? So what exactly is an Information Security Management System (ISMS)? Organisations concerned with...