Blog Security
Access Management: an introduction
Identity and Access Management, or IAM for short, is one of the cornerstones of Information Security. Organisations cannot protect the confidentiality, integrity and availability of information entrusted to them if it can be seen, altered and deleted by anyone who simply desires to do so. In Information Security, we call the sequential steps required for…
Joost Krapels
ISO 31000 in relation to ISO 27001
Risk management plays a very important role in an ISO 27001 Information Security Management System (ISMS). At the end of paragraph 6.1 “Actions to address risks and opportunities” there is however a reference to a fairly unknown norm ISO 31000. What is the relationship between ISO 31000 and ISO 27001? In this blog we briefly…
Jelle Hoekstra
Ransomware in the Covid-19 era
Ransomware has been a well-known phenomenon for a while, but in recent weeks, increased activity has been observed due to the corona crisis. It is currently very busy at healthcare institutions and staff are working overtime under stress. Attackers try to take advantage of the situation. For example, we received input from a hospital, where…
Floris van den Broek
2020 information science research agenda
At ICT Institute we aim to combine academic research and practical applications. One way we do this is by selecting topics for information research. Below is the list of topics that we identified as relevant in 2020. For each topic, one or more students from the Amsterdam Vrije Universiteit will write a thesis. A total…
Sieuwert van Otterloo
Checklist for an information security audit
Several participants of our information security training course have asked us for an audit plan checklist. In this article we share our checklist based on the official IRCA/CQI guidelines. The checklist is applicable to both internal and external audits. It was designed for ISO 27001 audits but can also be used for other ISO standards.
Sieuwert van Otterloo