By:
On:
In: IT Security
With: 0 Comments

Cybersecurity, also known as “IT security” or “Computer security” is information security applied to computing devices such as servers, computers and mobile devices (as smartphones, tablets), etc., as well as computer networks such as private and public networks, including the whole Internet. Network outages, data compromised by hackers, social attacks, computer viruses and other security incidents could affect our lives in ways that range from inconvenient to life-threatening. As the number of mobile users and devices, web applications and data networks increase, so do the opportunities for exploitation. The 3 principles of Information, confidentiality, integrity and disponibility are protected by Cybersecurity. People is often the weakRead More →

By:
On:
In: IT Security
With: 0 Comments

The ISO 22301 Societal security – Business continuity management systems – Requirements is the standard created by leading experts on this area to provide the best framework for business continuity management in an organization. ISO 22301 is not that different from BS 25999-2 in most business continuity areas like business impact analysis, strategy or planning; the biggest changes are in the management part of the standard. Object: ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when theyRead More →

By:
On:
In: IT Security
With: 0 Comments

There are some important changes introduced on version ISO/IEC 27001:2013 Regarding the structure of this new version: More Domains: 14 domains in version 2013 instead of 11 in version 2005. The 3 new domains are: A.10: Cryptographic technology A.12: Operational security A.15: Security for suppliers and third parties Less Controls: 114 controls in version 2013 instead 133 in version 2005 The new controls are: A.6.1.5 Information security in project management A.12.6.2 Restrictions on software installation A.14.2.1 Secure development policy A.14.2.5 Secure system engineering principles A.14.2.6 Secure development environment A.14.2.8 System security testing A.15.1.1 Information security policy for supplier relationships A.15.1.3 Information and communication technology supply chainRead More →

By:
On:
In: IT Security
With: 0 Comments

The ISO 31000:2009 is a standard published on the 13th of November 2009, and provides a standard on the implementation of risk management which provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment. ISO 31000 family is expected to include: * ISO 31000:2009 – Principles and Guidelines on Implementation * ISO/IEC 31010:2009 – Risk Management – Risk  Assessment Techniques * ISO Guide 73:2009 – Risk ManagementRead More →

By:
On:
In: IT Security, Technology, Web position
With: 0 Comments

Companies increasingly have more presence on the Internet, this being actively or by the action of users and customers in opinion forums, blogs, etc. As a result, increasingly monitoring the assessment that the public (Internet) makes our business or organization on the Internet is becoming more important. Becoming increasingly critical to have the proper management of corporate reputation online. Digital identity and corporate reputation online today are very important aspects that companies should not be neglected, because of not having proper management of it, is exposing the organization to risks related to privacy and security that can affect the image of the company in theRead More →

By:
On:
In: IT Security
With: 0 Comments

In this post I will briefly introduce aspects of conducting a BIA (Business Impact Analysis), first a definition of what we mean by BIA: A BIA is a process of analyzing business functions and the effect that a break in the business could in such functions. The organization shall determine and document the impact of a break in activities that support key products and services. In a BIA criticism for achieving organizational areas and the potential magnitude of the operational and financial impacts are identified. Each activity that supports a key product or service, the organization must: a) Evaluate the impacts that would occur withRead More →