Yearly Archives: 2023

Introduction: Organizations face the risk of information security incidents, which can cause harm to the organization, including financial loss, reputation damage, and legal consequences.  To minimize the impact of such incidents, organizations need to have an incident management process in place.  The A.16.1.6 control objective of the ISO/IEC 27001 standard […]

Introduction: Information security incidents are becoming increasingly common, and organisations need to be prepared to respond promptly and efficiently to such incidents.  ISO 27001, a standard for information security management, includes a set of controls under the section A.16 that deals with incident management.  A.16.1.5 focuses on the response to […]

Introduction: Incidents and security events can cause significant disruptions to an organization’s information security management system (ISMS).  It is, therefore, essential to have clear guidelines and procedures in place to assess and make decisions on information security events.  This is where A.16.1.4 of ISO 27001 comes into play.  This control […]

Introduction: Information security weaknesses can be detrimental to an organization’s operations, reputation, and assets.  To prevent such vulnerabilities, it is important to have reporting mechanisms in place for workers to report any unusual occurrence.  A.16.1.3 of the ISO/IEC 27001 standard focuses on the reporting of information security weaknesses, emphasizing the […]

Introduction: Prompt and effective reporting of information security events is crucial for organizations to mitigate the potential impact of incidents, near-misses, and weaknesses. A comprehensive reporting system is necessary for organizations to identify and respond to potential threats quickly. This article provides a checklist for organizations to assess their reporting […]

Introduction: Incidents related to information security can have a significant impact on an organization’s operations and reputation.  To mitigate such risks, organizations must have effective incident management policies and procedures in place.  This article provides a checklist for organizations to assess their incident management policies and procedures, and also review […]

Introduction: The services provided by suppliers are critical to the success of an organization. However, changes in the way contracted services are delivered or the introduction of new services can have an impact on the organization’s information security. Therefore, it is essential to have a process in place to manage […]

Introduction: In today’s interconnected business world, organizations rely on their suppliers to provide goods and services that are critical to their operations.  However, with this reliance comes the need for organizations to ensure that their suppliers meet the necessary security requirements.  This involves monitoring and reviewing supplier services to identify […]

Introduction: With the increasing reliance on information and communication technology (ICT) to run businesses, organizations need to ensure the security and integrity of their ICT supply chain.  However, this can be a challenging task, especially when parts of the supply chain are subcontracted.  It is crucial to verify the security […]

Introduction: In today’s interconnected business environment, supplier relationships play a critical role in ensuring the smooth functioning of any organization.  However, these relationships also come with inherent risks, particularly when it comes to information security.  Cyberattacks and data breaches are becoming increasingly common, and organizations must take proactive steps to […]