Introduction: Information technology (IT) systems are the backbone of modern organizations, and changes to these systems are inevitable due to various reasons such as software updates, hardware changes, and so on. However, any changes to IT systems can introduce vulnerabilities, which can be exploited by attackers. Therefore, it is essential […]
Introduction: In the world of technology, software and hardware are continually updated and patched to keep them functioning optimally and secure. When these changes occur, it is essential to evaluate and review the systems’ security to ensure they remain secure. The A.14.2.3 technical review of applications after operating platform changes […]
Introduction: IT system change management has become critical for organizations to ensure the security, reliability, and performance of their systems. The ISO 27001 standard provides guidance on ensuring effective system change control procedures to manage IT changes in a systematic and controlled manner. This article will discuss ISO 27001’s A.14.2.2 […]
Introduction: In today’s world, the development of software, services, and applications has become increasingly important for businesses of all sizes. However, with the increased use of technology comes an increased risk of cyber threats, and it is essential for organizations to have robust security measures in place. A.14.2.1 of the […]
Introduction: The protection of application services transactions is critical for ensuring the integrity, confidentiality, and availability of data. A.14.1.3 of ISO/IEC 27001:2013 provides guidance on how organizations can protect application services transactions. This article will discuss the key points of A.14.1.3 and provide a sample checklist to help organizations ensure […]
Introduction: In today’s digital age, web-based applications and eCommerce systems are essential for many organizations. However, the convenience and accessibility of these systems come with the risk of cyber threats, including unauthorized access, data breaches, and service interruptions. Information security controls are crucial in securing application services on public networks. […]
Introduction: In today’s world, information is one of the most valuable assets of an organization. Information Security is an essential aspect of protecting the confidentiality, integrity, and availability of information. A.14.1.1 Information Security Requirements Analysis and Specifications is an important part of the Information Security Management System (ISMS) that organizations […]
Introduction: Confidentiality or non-disclosure agreements (NDAs) are legal documents that protect sensitive or confidential information shared between parties. These agreements are crucial for safeguarding sensitive data and ensuring compliance with privacy laws and regulations. A.13.2.4 of ISO/IEC 27001:2013 focuses on the implementation and management of confidentiality and non-disclosure agreements in […]
Introduction: As technology continues to advance, electronic messaging has become an integral part of modern communication. This is why organizations must have proper policies and controls in place to ensure the security of electronic messaging systems. A.13.2.3 of the ISO/IEC 27001 standard deals with the policies and control requirements around […]
Introduction: In the digital age, information transfer is an essential part of any organization’s daily operations. However, the transfer of sensitive or confidential information requires special attention to ensure that it remains secure and confidential. This is where A.13.2.2 of ISO 27001 comes into play. This control aims to ensure […]