A Business Continuity Plan (BCP) is a very important topic that any organization or company needs to consider seriously. In 2007, the first international regulation was presented, indicating which aspects must be taken into account when creating and implementing a Business Continuity Plan (BCP) in an organization. This regulation was called BS 25999. In 2012, ISO 22301:2012 replaced BS 25999-2. These 2 standards are quite similar, but the ISO 22301:2012 standard can be considered an update to BS 25999-2. Its full title is “ISO 22301 Societal security – Business continuity management systems – Requirements”. This standard was created by leading experts in this area to provide the

A Business Continuity Plan (BCP) is a very important topic that any organization or company needs to consider seriously. A BCP defines how to operate during a business interruption caused by a disaster (it is like the ‘front end’ of the Business Continuity Management System, also called BCMS). It focuses on “how to operate while we are in contingency”. I created 2 presentations about Business Continuity Plans; this is the first of these 2 documents. This presentation includes all these topics: 1. Contingencies and organizational resilience; 2. DRP and BCP; 3. Business Continuity Plan: General principles; 4. Structure and phases of a Business Continuity Plan; 5. Business Impact Analysis (BIA)

Following our last topic, risk analysis, in this new post I would like to remark that there are different risk analysis methodologies, but in the end all of them are tools that give us a way to review our situation, with the objective of reducing our residual risk through the efficient use of controls. Normally it is difficult to justify investing money in cybersecurity. Using a risk analysis methodology, we can justify our CAPEX more easily because these methodologies can be part of a business case (we can calculate our asset value and also the possible impact and risk).

Risk Analysis is one of the first steps to take when we want to create: an ISMS (Information Security Management System), a BCMS (Business Continuity Management System), a BIA (Business Impact Analysis), a PIA (Private Impact Analysis), a project, etc. When doing a risk analysis, we are in the first step of a PDCA process (Plan – do – check – act, also called the Deming circle), so it is very important to do a good analysis. All the other processes depend on our first analysis. I created 2 presentations about Risk Analysis & Risk Management; this is the first of these 2 documents.

One of the procedural measures introduced by Organic Law 13/2015, of October 5 (Spain), amending the Criminal Procedure Law to strengthen procedural safeguards and regulate technological investigation measures, allows the Judicial Police the capture and recording of oral communications through the use of electronic devices, and the use of technical devices for image capture, tracking and localization. The Judicial Police has all these technical tools: tracking devices; localization devices; image capture devices; voice communication interception devices; interception devices for telematic communications (e.g., the possibility of identifying the IP, IMEI, device, etc.); search of mass information storage devices; remote searches of computer equipment

In recent years we have been reading more and more news about massive breaches (millions) of passwords in web services such as communities, email services, cloud services and others. Hackers are simply obtaining money by stealing passwords and selling or misusing them. This presentation is focused on how to protect our accounts and, with this, also keep our digital identity, our image and our money safe from hackers' businesses. You can see my presentation here: https://www.slideshare.net/RamiroCid/passwords-for-sale