Volg ICTI

Blog information security

Photo by Buddy AN on Unsplash

Access Management: an introduction

You can have the best firewalls and the tightest encryption, but if your data bucket is openly reachable online or a former contractor’s account is still active after years, these technological controls are not really protecting you. Indeed, broken access control and security misconfiguration stay the two top risks for web apps. This is where…

Pavlo Burda

The ISO 27001 Harmonized Structure

In this article, we walk through the Harmonized Structure of the ISO 27001 (Chapters 4-10) and explain how to implement it using the Plan-Do-Check-Act (PDCA) cycle. This will be the basis for your Information Security Management System (ISMS) according to the standard. The “engine” of the ISMS: Chapters 4 to 10 ISO 27001 is structured…

Pavlo Burda

Supplier management in ISO 27001

Since suppliers often have access to information assets that are critical to business operations, the ISO 27001 standard dedicates a full set of organizational controls (5.19–5.23) to managing information security risks in supplier relationships. In this article, we explain these controls and provide a supplier register template.

Pavlo Burda

ISO 27001 technological controls for software development

The latest version of ISO 27001 contains multiple controls about secure development, engineering, coding and testing that seem to overlap. In this article we provide guidance how to implement these controls. The overlapping controls explained are 8.25, 8.26, 8.27 and 8.28. We also cover 8.31 and 8.33 (test environments and test information).

Sieuwert van Otterloo

NOREA recommends CIS controls against ransomware

NOREA, the Dutch professional organisation of IT auditors, has conducted a study into a framework for ransomware measures, in response to the increasing ransomware attacks that have been reported in the news, both internationally and in the Netherlands. The use of ransomware has been around for quite some time, however it is very evident that…

Sieuwert van Otterloo