IsAuditing.com (Information Systems Audit & Security)
All about IS audit, CISA, and Information Security
Securing a network is of paramount importance for businesses in this age where digital information, which is also the lifeblood of companies, travels through the network. A network security policy serves as the fundamental framework comprising rules, guidelines and procedures for safeguarding the critical data that travels on network and the digital assets that process … Read more
Information security risk refers to the damage that may result from a successful attack against IT systems. This risk can lead to a range of security incidents like data breaches, noncompliance with regulatory requirements, reputational loss, and financial costs. Difference between risk and threat There is a little and subtle difference between risk and threat, … Read more
According to Cost of a Data Breach Report 2023 from IBM, one data breach, on average, costs $4.5 million. This has increased 15 percent over the past three years. If you look up online for types of data breaches, you will most likely see ransomware, malware, phishing etc. listed as types. But these are the … Read more
At the core of information security is protecting organizational assets, including hardware, software, data, information and people against risks. Any policies and actions taken to help reduce, eliminate or mitigate these risks to assets are called security control. In this article, we will discuss about types of security controls that exist. But before we talk … Read more
One of the core policies in an information security management system is the access control policy. It is also one of the critical domains of ISO 27001 controls. This policy aims to manage and minimize the potential exposure of an organization’s information and data from unauthorized access, which will optimize the confidentiality, integrity, and availability … Read more
Technology empowers our lives and makes them easier, but it brings its own risks called cyber threats. Organizations institute an information security management system (ISMS) to protect themselves better from such malicious attacks and data exposure. In this write up, we will be looking in detail at the definitions of an ISMS, its objectives, and … Read more
If you are studying information security at a university, or you have completed your studies and looking to do some projects based on cyber security to build your portfolio, having a look at the possible topics of such projects is a good idea. It is almost certain that you will be required to complete a … Read more
ISO 27001 is the dominant standard that helps organizations and companies protect their assets against the risk and vulnerabilities of cyber attacks and other IT security and privacy disruptions. The standard provides a well-rounded model for setting up an information security management system with recommended ISO 27001 controls. How ISO 270012022 will benefit your organization: … Read more
From a layman’s perspective, information security architecture (ISA) is one segment of an organization’s enterprise architecture with a laser focus on securing enterprise data and information systems hosting that data. What is information security architecture? A more technical definition is provided by NIST (National Institute of Standards and Technology), which states that the “information security … Read more
Software security is a challenge of enormous proportions because every critical function of our lives is now dependent on software. Insecure software not only causes inconvenience but, more importantly, can critically affect an organization. One of the foremost champions of web software security is The Open Web Application Security Project (OWASP), which is also known … Read more