Blog Security
ISO27002:2022 explained – Physical controls
In this article, we explain the new ISO 27002:2022 chapter 7 – Physical controls. This covers the controls necessary to protect information from physical threats. This is the third article in a series of four, each article covering one chapter: organization controls (chapter 5) people controls (chapter 6) physical controls (chapter 7)- This article technological…
Suzanne Atkins
ISO27002:2022 explained – People controls
In this article, we explain the new ISO 27002:2022 chapter 6 – People controls. This covers the controls required for secure human resources management. This is the second article in a series of four, each article covering one chapter: Organization controls (chapter 5) People controls (chapter 6) – This article Physical controls (chapter 7) Technological…
Suzanne Atkins
ISO27002:2022 explained – Organizational controls
The well-know information security standard ISO 27001 is always accompanied by its sister-norm ISO 27002. Where the former details how a well-functioning ISMS (Information Security Management System) should be set up and maintained, the latter goes into detail on the example security controls of ISO 27001’s appendix. ISO 27002 is about to receive an update,…
Joost Krapels
ISO27002:2022 – what’s new?
ISO 27001:2013, a certification standard for Information Security Management systems, uses an extensive list of example control measures that organisations have to comply with, or explain the control is not applicable (comply or explain). This list of 114 controls is elaborated on in ISO 27002, showing how to implement them in practice. After eight years,…
Joost Krapels
New OWASP Top Ten 2021
Every few years, the OWASP Top Ten, a popular list of ten important risks for web applications, is updated. At the moment of writing this article, the Open Web Application Security Project (OWASP) version 2021 has just been released. In this article, we give a short explanation how the OWASP Top Ten works, and what…
Joost Krapels