Volg ICTI

Blog Security

ISO27002:2022 – what’s new?

ISO27001:2013, a certification standard for Information Security Management systems, uses an extensive list of example control measures that organisations have to comply with, or explain the control is not applicable (comply or explain). This list of 114 controls is elaborated on in ISO27002, showing how to implement them in practice. After eight years, ISO27002 is…

Joost Krapels
wasp

New OWASP Top Ten 2021

Every few years, the OWASP Top Ten, a popular list of ten important risks for web applications, is updated. At the moment of writing this article, the Open Web Application Security Project (OWASP) version 2021 has just been released. In this article, we give a short explanation how the OWASP Top Ten works, and what…

Joost Krapels

Changes in CISSP: 2021 versus 2018

In April 2020, we wrote an article on the then current 2018 version of the Certified Information Systems Security Professional (CISSP) Body of Knowledge and provided a free study template. Technology evolves in a rapid pace, and with that the risks to an organisation’s information assets. The capabilities of and tools available to malicious actors…

Joost Krapels

How to improve your internet.nl score

Internet.nl is a service, co-created by the Dutch Government, for measuring the security of your website. The tool summarises many security aspects into two simple scores: one for websites and one for email. We use the service quite a lot, both for ICT Institute and our clients. Each score is between 0% and 100%. If…

Joost Krapels

Access Management: an introduction

Identity and Access Management, or IAM for short, is one of the cornerstones of Information Security. Organisations cannot protect the confidentiality, itegrity and availability of information entrusted to them if it can be seen, altered and deleted by anyone who simply desires to do so. In Information Security, we call the sequential steps required for…

Joost Krapels