Technical compliance review is a crucial process in maintaining the security of IT systems and networks.  It involves regularly testing the systems and networks for compliance with defined technical security requirements to identify vulnerabilities and potential risks.

Introduction: Maintaining information security is a crucial aspect for any organization.  One of the critical components of information security is compliance with security policies and standards.  Compliance ensures that the organization is adhering to the required security practices and mitigating any risks to the business.  This article will explore the […]

Introduction: In today’s digital age, information security is a critical aspect of any organization’s operations.  Failure to properly secure information can lead to significant financial losses, reputational damage, and legal liability.  It is therefore essential that organizations regularly review their information risk and security arrangements to ensure they are suitable […]

Introduction: A.18.1.5, Regulation of Cryptographic Controls, is a crucial aspect of information security management.  It requires that an organization’s use of cryptography is compliant with all relevant laws, agreements, and regulations.  Cryptography is the process of using codes or ciphers to protect information from unauthorized access or modification, and it […]

Introduction: Information privacy is a critical aspect of any organization’s operations.  The mishandling of personally identifiable information (PII) can lead to serious reputational and legal consequences for businesses.  A.18.1.4 of the ISO 27001 standard provides guidelines for ensuring the privacy and protection of PII. In this article, we will discuss […]

Introduction: The protection of organizational records is an essential aspect of information security.  A.18.1.3 of the ISO 27001 standard outlines the requirements for the protection of records.  The standard calls for a policy on records management that covers control requirements such as classification, categorization, record types, retention periods, allowable storage […]

Introduction: Intellectual property rights are a vital aspect of any organization, especially in the digital age where copyrighted materials and patented software are widely used.  The A.18.1.2 control objective of ISO/IEC 27001:2013 highlights the importance of implementing policies and procedures to ensure compliance with intellectual property rights.  This article will […]

Introduction: Compliance is an essential aspect of information security management, ensuring that organizations meet legal, regulatory, and contractual requirements.  The standard A.18.1.1 Identification of Applicable Legislation and Contractual Requirements emphasizes the importance of having a policy and compliance register to maintain compliance with various regulations.  The standard also focuses on […]

Introduction: Availability of information processing facilities is a critical aspect of information security management.  It is imperative that organizations maintain the availability of their ICT services to avoid any disruptions to their business operations.  The availability requirements for ICT services must be identified, and suitable arrangements must be put in […]

Introduction: Business continuity is a crucial aspect of information security management.  It ensures that an organization can maintain critical business functions and recover from disruptions in case of unforeseen events such as natural disasters, cyber-attacks, or any other incidents that can disrupt normal business operations.  ISO 27001 A.17.1.3 provides guidelines […]