Blog Security
ISO27002:2022 explained – Organizational controls
The information security standard ISO 27001 consists of a main structure and an annex of recommended controls. The recommended controls are further explained in an additional standard ISO 27002. The main structure explains how a well-functioning ISMS (Information Security Management System) should be set up and maintained. The controls are specific actions that organisations should…
Joost KrapelsISO27002:2022 – what’s new?
ISO 27001:2013, a certification standard for Information Security Management systems, uses an extensive list of example control measures that organisations have to comply with, or explain the control is not applicable (comply or explain). This list of 114 controls is elaborated on in ISO 27002, showing how to implement them in practice. After eight years,…
Joost KrapelsNew OWASP Top Ten 2021
Every few years, the OWASP Top Ten, a popular list of ten important risks for web applications, is updated. At the moment of writing this article, the Open Web Application Security Project (OWASP) version 2021 has just been released. In this article, we give a short explanation how the OWASP Top Ten works, and what…
Joost KrapelsChanges in CISSP: 2021 versus 2018
In April 2020, we wrote an article on the then current 2018 version of the Certified Information Systems Security Professional (CISSP) Body of Knowledge and provided a free study template. Technology evolves in a rapid pace, and with that the risks to an organisation’s information assets. The capabilities of and tools available to malicious actors…
Joost KrapelsHow to improve your internet.nl score
Internet.nl is a service, co-created by the Dutch Government, for measuring the security of your website. The tool summarises many security aspects into two simple scores: one for websites and one for email. We use the service quite a lot, both for ICT Institute and our clients. Each score is between 0% and 100%. If…
Joost Krapels