16th November, 2016 | by Andrew Barham
There is increasing focus and interest in information security. Just think of recent events here in Australia… the census crashing because of overseas hackers; the almost continual reporting of people’s private information being compromised; phone hacking by unscrupulous news reporters desperate for the latest big story; and of course, people posting information they shouldn’t on social media.
Whilst all these major stories are centred around the failure of some aspect of information technology, ISO 27001 (the International Standard for information security management systems) does include many requirements for non-IT security of information… and that is what we are going to talk about here.
What can you do to keep your information secure that does not involve the IT department? We’ve picked nine specific ISO 27001 information security controls, which are listed in Annex A and have been directly derived from, and align with, ISO 27002. We also briefly explain what each means.
7th November, 2016 | by Andrew Barham
Recently I had a lovely email from a past student saying that she missed our blogs. We have been a little slack and I must admit that we haven’t published one for about three months! Sorry.
Well, I rang her and asked if she had any topics in particular that she would like us to write about. A little later I received an email offering two topics which had come about from findings by her employer’s external certification auditor. These were:
- Being proactive in preventative action
- Emergency Preparedness & Response (going beyond a fire drill).
I’m going to address the first topic in this post and I’ll talk about the other in ‘Emergency testing- It’s more than just a fire drill’.