1) At the moment there are more than 6000 ISO 27001 certified organisations
worldwide. An organisation that is ISO 27001 certified tends to do business
with other organisations that are certified. Lack of an ISO 27001 certificate
may be just the thing that drags you down. In many cases, if your company is
not ISO 27001 certified, then as a supplier you won't even get a chance to
bid. Just ask Japanese ICT service providers. If other vendors are certified,
then you have to get certified as well if you want to survive.
2) An ISO 27001 certificate is a powerful marketing weapon. It makes a difference
to informed clients whether you're certified or not. It produces confidence
that the client's personal and other information will be (is) adequately
protected. It's a fear killer.
3) Microsoft values ISO 27001. You have to respect that such a gigantic
company wants an ISO 27001 certificate. ... (more)
Have you ever Googled "information security strategy"?
Try it yourself and see the results.
What you get is a bunch of mixed-up terminology, most of which does not (should
not) fit into what information security strategy really is (or should be).
The major misconception is this: information security strategy is a risk
treatment (mitigation) plan. In some way it is true, but let's consider some
major limitations of that approach.
According to wiki, "strategy" is "a plan of action designed to achieve
a particular goal." So you have a business strategy, which is a plan o... (more)
I really don’t have any problems with Facebook whatsoever since I don’t
really use it in any meaningful way (can it be used in such a way at all?).
But that does not mean that Facebook does not have some serious security
problems. In fact I could write a book about them if I could find more time.
Let’s consider some of them. For instance, Facebook users can use too many
different applications for which no serious (mandatory) security evaluation /
verification process exists. So hackers and other bad guys can continue to
create applications that appear not so ma... (more)
According to Wikipedia, information security means "protecting information
and information systems from unauthorized access, use, disclosure,
disruption, modification or destruction".
Another definition could be "managing the process of mitigating
(transferring, reducing, avoiding) unacceptable information security risks".
And yet another: "the implementation of programs and practices that
protect the integrity and safety of computer programs and information".
Of course, there are variations on the common theme. And this theme without
any doubt is ... (more)
What is an information security objective or goal? Could you state that your
organisation's information security objective / goal is to "protect
confidentiality, integrity and availability of information"? Pause and
think for a second. Isn't this a definition of information security?
Isn't this what information security is all about, protecting
information? Is this maybe too general?
What are your security objectives?
This seven-word statement is the most commonly used information security goal
statement in information security policy documents, and if left just like this
– ... (more)