Introduction: The secure disposal of media is a critical aspect of information security management.  The A.8.3.2 control objective in the ISO/IEC 27001:2013 standard provides guidelines for the disposal of media.  Organizations must ensure that they dispose of media in a secure and responsible manner to prevent unauthorized access to sensitive […]

Introduction: As technology continues to advance, the use of removable media devices such as USB sticks, CDs/DVDs, tapes, and removable disk packs has become increasingly popular.  These devices provide an easy and convenient way to transfer and store information. However, they also pose significant information security risks if not managed […]

Introduction: Information is an essential asset for any organization, and it needs to be protected from unauthorized access, use, disclosure, disruption, modification, or destruction.  The ISO 27001 standard provides a framework for implementing an information security management system (ISMS) to protect the confidentiality, integrity, and availability of information.  Asset handling […]

Introduction: In today’s digital world, information has become a vital asset for individuals and businesses alike.  As the amount of information grows, it becomes essential to manage and label information accurately to ensure its protection and appropriate use.  This is where the A.8.2.2 Labelling of Information comes into play.  This […]

Introduction: In the world of cybersecurity, it is essential to maintain the confidentiality, integrity, and availability of sensitive information. A.8.2.1 of the ISO/IEC 27001 standard requires organizations to review policies, standards, procedures, guidelines, and associated records relating to information classification.  This article explores the importance of information classification, the aspects […]

Introduction: In any organization, the management of assets is critical for its smooth functioning.  This includes managing the return of assets issued to employees who have left the organization, be it lateral movers or those who have resigned or terminated.  The process of asset return should be clearly defined and […]

Introduction: As technology becomes more integrated into business operations, it is essential to have policies and procedures in place to ensure the proper and secure use of technology assets.  One such policy is the acceptable use of assets, which covers user behavior regarding the use of email, instant messaging, FTP, […]

Introduction: Information assets are vital components of an organization’s operations, and their security is of paramount importance.  Therefore, it is necessary to ensure that all critical information assets have appropriate accountable owners who can analyze and treat associated information risks.  This article aims to provide a checklist for organizations to […]

Introduction: In today’s digital age, companies store a vast amount of data, including business data, digital certificates, passwords, and biometrics.  It’s crucial for organizations to maintain an accurate inventory of their assets to secure their data effectively.  A comprehensive inventory management process helps organizations maintain a complete, accurate, and up-to-date […]

Introduction: In today’s digital age, information security incidents, privacy breaches, piracy, hacking, fraud, and industrial espionage are becoming increasingly common.  As a result, it is crucial for organizations to have a robust disciplinary process in place to deal with these types of incidents.  The A.7.2.3 control of the ISO 27001 […]