by Alex Cruden (TTL) | 15 Mar 2022 | Security Risk Compliance
Final Thoughts Recap We’ve covered a lot of ground since this series of security articles was first posted. Here’s a reminder of the main topics we’ve explored: Information Security Management System and How to Start Framework Focus Organisation Management Asset...
by Alex Cruden (TTL) | 8 Mar 2022 | Security Risk Compliance
BCP and DRP Requirements In business, when unexpected situations occur, they can cause interruption or degradation of operational company functions. The best-case scenario is that they cause nothing more than a minor inconvenience to an organisation. However, extreme...
by Alex Cruden (TTL) | 1 Mar 2022 | Security Risk Compliance
Third Party Relationships Requirements Most companies have relationships with third parties, such as suppliers and service providers, to perform functions that support the core activities of the company. These relationships will generally involve sharing information...
by Alex Cruden (TTL) | 22 Feb 2022 | Security Risk Compliance
Human Resources Requirements With people playing a major role in the implementation of security-driven procedures and processes, it is critical that the management of that organisation’s human resource is aware of obligations in relation to this. Each of the different...
by Alex Cruden (TTL) | 15 Feb 2022 | Security Risk Compliance
Software Development Requirements The practice of developing application software can be described as a process that results in a type of computer program that performs a specific function. Generally speaking, each program is designed to assist the end user(s) with a...
by Alex Cruden (TTL) | 8 Feb 2022 | Security Risk Compliance
ICT Operational Management Requirements The operational functions performed by an ICT team are part of a large body of processes and procedures relating to how technology services are delivered to the organisation. Many ICT teams choose to align with a recognised...
by Alex Cruden (TTL) | 1 Feb 2022 | Security Risk Compliance
Use of ICT Systems Requirements A company’s technology asset comprises systems and components that are used to provide services to the end users of that technology. Typically, this includes a mixture of hardware and software components: back-end servers, storage,...
by Alex Cruden (TTL) | 25 Jan 2022 | Security Risk Compliance
Physical Security Requirements The topic of Physical Security addresses areas of security that relate to physical building access, management of physical assets, working in secure locations and environmental controls/conditions. Essentially, measures that concern...
by Alex Cruden (TTL) | 18 Jan 2022 | Security Risk Compliance
Access Control Requirements This topic is concerned with how access to information and information systems is managed, as distinct from the policies on who has access to information that is stored and moved within the technology environment (see earlier topic on...
by Alex Cruden (TTL) | 11 Jan 2022 | Security Risk Compliance
Information Management Requirements Information is the critical asset that is protected by an Information Security Management System. This particular section of an ISMS is the one that will have greatest influence on the number of measures and the level of detail in...
by Alex Cruden (TTL) | 4 Jan 2022 | Security Risk Compliance
Asset Management Requirements Assets, as they relate to information and technology facilities of an organisation, are typically identified and recorded in dedicated inventories as part of the overall technology documentation. To be effective, the register(s) should...
by Alex Cruden (TTL) | 28 Dec 2021 | Security Risk Compliance
Organisation Management Requirements When creating an ISMS, the topic of Organisation Management is concerned with definition of the roles and responsibilities to carry out the functions involved in the overall security framework. This is needed both for the creation...
by Alex Cruden (TTL) | 21 Dec 2021 | Security Risk Compliance
Security Framework Concept – The C-I-A Triad When building an Information Security Management System, there is a concept that should be followed to design the measures for protecting information stored in computer systems. This concept is known as C-I-A or...
by Alex Cruden (TTL) | 14 Dec 2021 | Security Risk Compliance
Building an ISMS The previous post in this series suggested an Information Security Management System is needed to manage your security effort. So, where to from here? Building an ISMS from scratch can be a monumental challenge, but it doesn’t have to be. It is common...
by Alex Cruden (TTL) | 7 Dec 2021 | Security Risk Compliance
This post introduces a common measure you can take to protect your digital assets and systems: an Information Security Management System, or ISMS. What is an ISMS? So what exactly is an Information Security Management System (ISMS)? Organisations concerned with the...
by Alex Cruden (TTL) | 30 Nov 2021 | Security Risk Compliance
What, why and some hard truths How is your tech security? Security, cyber-security, technology safeguards, data protection – call it what you will; these are all essentially parts of the same topic, albeit with a slightly different focus in each case. When we talk...