Cyber Security

Defense in Depth

Defense in depth, also known as layered security, is a cybersecurity strategy used by organizations to secure and safeguard their networks, systems, and data. The strategy assumes that attackers will try to penetrate the organization's defenses, so multiple layers of security controls (physical, technical, and administrative) are put in place to detect attackers at every […]


National Computer Security Day

National Computer Security Day is held annually on the 30th of November. The celebration began in 1988, at a time when computers were becoming commonplace. The day was created to raise awareness about cyber security issues and ways to keep all electronic devices and data protected from potential threats. Today, the internet and computers


ISO 27001 Annex Explained

Annex A of ISO 27001 is also known as the Statement of Applicability (SOA). Because each organization differs, each organization must write its own SOA. Annex A of ISO 27001 runs from A5 to A18. These contain the information security operations controls which are important for managing and improving information security. Annex A5 Information


ISO 27001 clauses explained

There are 11 clauses in ISO 27001, numbered 0-10. Clauses 0-3 are guidance clauses and not mandatory. Clauses 4-10 are mandatory and must be implemented in an organization that wants to achieve compliance. The ISO 27001 clauses are best implemented using the PDCA (Plan, Do, Check, Act) cycle. Clauses 4-7 are the plan


ISO 27001

An ISO framework is a combination of policies and processes for organizations to use, and ISO 27001 provides such a framework to help organizations of any size protect their information through the adoption of an Information Security Management System (ISMS). The ISMS consists of a set of policies, procedures, and various


What is OWASP?

The Open Web Application Security Project (OWASP) is a non-profit organization focused on improving the safety of software. It was founded in 2001 by Mark Curphey. OWASP offers a range of tools, methodologies, and libraries for web application security, used to seek out security vulnerabilities in web applications. They even have documentation guidelines
