ISO 31000:2009 is a standard, published on the 13th of November 2009, on the implementation of risk management; it provides principles, a framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. The ISO 31000 family is expected to include:

* ISO 31000:2009 – Principles and Guidelines on Implementation
* ISO/IEC 31010:2009 – Risk Management – Risk Assessment Techniques
* ISO Guide 73:2009 – Risk Management

Read More →

Lean IT is an extension of Lean manufacturing and Lean services principles to the development and management of information technology (IT) products and services. The Lean concept and principles are not new, since they were developed by Toyota some decades ago, but the use of Lean in IT is new. The central concern of Lean IT is the elimination of waste (or fat), where waste is work that adds no value to a product or service developed or delivered by the company. The approach is a way of thinking and acting, focussing heavily on organizational culture. Lean IT is associated with the development and Read More →

IT governance has its own ISO standard: ISO/IEC 38500:2008, “Corporate governance of information technology”. This standard was published in June 2008 and complements the set of ISO standards that affect information systems and technologies (such as ISO/IEC 27001, ISO/IEC 20000, etc.). It sets standards for the good management of business processes and decisions related to information and communication services, which are usually managed by IS/IT specialists, whether internal, within other business units of the organization, or external service suppliers. In essence, everything this standard proposes can be summarized in three main purposes: a) Ensure that, if the standard is followed Read More →

Companies increasingly have a presence on the Internet, whether actively or through the actions of users and customers in opinion forums, blogs, etc. As a result, monitoring how the public rates our business or organization on the Internet is becoming more important, and proper management of online corporate reputation is becoming increasingly critical. Digital identity and online corporate reputation are today very important aspects that companies should not neglect, because not managing them properly exposes the organization to risks related to privacy and security that can affect the image of the company in the Read More →

In this post I will briefly introduce aspects of conducting a BIA (Business Impact Analysis). First, a definition of what we mean by BIA: a BIA is a process of analyzing business functions and the effect that a business interruption could have on those functions. The organization shall determine and document the impact of an interruption in the activities that support key products and services. In a BIA, the criticality of organizational areas and the potential magnitude of the operational and financial impacts are identified. For each activity that supports a key product or service, the organization must: a) Evaluate the impacts that would occur with Read More →

WhatsApp Sniffer: An example application that exploits WhatsApp security vulnerabilities

Yes, WhatsApp, the famous messaging program that the vast majority of us use. The same program that lets you send free messages, photos, video and even our GPS location also has its dark side. It has already been reported at different times and by different means that WhatsApp is one of the least secure applications, as it has many security holes and does not encrypt your data. This has led to different applications; I will mention one. WhatsApp Sniffer: as mentioned before, WhatsApp sends all our messages in plaintext, unencrypted, so anyone on the same WiFi can easily get the Read More →