Blog Security
Understanding Social Engineering attacks at CHI 2025
This April, I’ll be presenting my research on social engineering attacks at the 2025 ACM Conference on Human Factors in Computing Systems (CHI) in Yokohama, Japan. CHI brings together a global community of researchers, designers, and practitioners who explore the future of how humans interact with technology. As the premier conference on Human-Computer Interaction, this…
Pavlo Burda
Training implementing ISO 27001 with certificate
If you work in a security team that uses the standard ISO 27001, it is useful to complete a formal ISO 27001 training so that you use the standard correctly. We are now offering a short course that covers the fundamentals of information security based on ISO 27001.
Sieuwert van Otterloo
ISO 27001 technological controls for software development
The latest version of ISO 27001 contains multiple controls about secure development, engineering, coding and testing that seem to overlap. In this article we provide guidance how to implement these controls. The overlapping controls explained are 8.25, 8.26, 8.27 and 8.28. We also cover 8.31 and 8.33 (test environments and test information).
Sieuwert van Otterloo
ITIL and service management: a short introduction
ITIL, the standard for service management, is an important standard for people who want to understand how IT is used in practice. It is especially important for professionals that want to grow beyond software development into IT management, since it complements software development really well.
Sieuwert van Otterloo
open standard Security Verified updated
Last month (feb 2024), the 2024 version of the open information security standard ‘Security Verified’ was released. This new version contains small changes to make it more readable and easier to combine with the latest version of ISO 27001.
Sieuwert van Otterloo