Data Governance: What Is It and Why Is It Important?
Data governance involves managing a company's data throughout its lifecycle through established principles and processes. It determines who can access data, under what circumstances, and using which methods. The primary goal is to ensure data is secure, high-quality, and aligned with business objectives. Key components include data quality, data privacy, data security, data …
Cybersecurity-Management
What is security information and event management (SIEM)?
Security information and event management (SIEM) combines security information management (SIM) and security event management (SEM) into a single system. It aggregates data from multiple sources, identifies deviations, and takes action by logging information, generating alerts, and instructing security controls. Initially driven by compliance needs, SIEM has become valuable for …
An Audit Handbook for Segregation of Duties
Ineffective segregation of duties (SoD) in enterprise applications can lead to operational losses, financial misstatements, and fraud. The rapid addition of users to enterprise applications increases the risk of SoD violations, especially when default roles are not well-configured to prevent such violations. Business managers often struggle to obtain accurate security …
Pragmatic ISMS Implementation Guidelines
SecAware's "ISMS Implementation Guidelines" provide a fairly comprehensive, pragmatic approach to applying ISO/IEC 27001 in practice for information risk and security professionals. The document offers detailed guidance on constructing and implementing an Information Security Management System (ISMS) that aligns with the standard's formal specifications and an organization's …
Cybersecurity on a budget: Evaluating security and performance of open-source SIEM solutions
Researchers are addressing the increasing need for robust cybersecurity measures among Small and Medium Enterprises (SMEs) in the face of evolving cyber threats. Given the budgetary constraints and limited cybersecurity expertise in SMEs, their study focuses on the potential of open-source Security Information and Event Management (SIEM) systems as cost-effective solutions. The …
CNIL Practice Guide to Security of Personal Data in 2024
The "CNIL Practice Guide: Security of Personal Data 2024" provides comprehensive guidelines for organizations to implement security measures ensuring personal data protection as mandated by the GDPR. The guide targets data protection officers (DPOs), chief information security officers (CISOs), IT professionals, and privacy lawyers, offering practical advice and …
Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In
In today's digital era, cybersecurity has emerged as a fundamental component of corporate strategy and risk management, necessitating a strategic approach in its communication, especially to board members. Cybersecurity is no longer just a technical issue but a crucial part of boardroom discussions due to the increasing frequency of cyber threats, which can disrupt business …
Understanding and Preparing for Payment Card Industry Data Security Standard (PCI DSS) 4.0
The Payment Card Industry Data Security Standard (PCI DSS) has evolved to version 4.0, presenting new challenges and requirements for organizations handling credit card information. This version, which must be complied with by March 31, 2025, aims to foster continuous security posture monitoring and more closely integrates cybersecurity efforts with fraud management practices. …
Business continuity vs. disaster recovery vs. incident response
In today's digital age, where almost every aspect of a business is connected to technology, organizations face the constant threat of cyberattacks that can disrupt their critical IT ecosystem. To mitigate such threats and ensure digital resilience, businesses must have comprehensive plans for business continuity, disaster recovery, and incident response. Business continuity …
Demystifying ISO 27701: A Comprehensive Guide for Data Privacy Management
This article sheds light on the significance of ISO 27701 in data privacy management. ISO 27701, in particular, extends the principles of ISO 27001, which concentrates on information security, to include data privacy aspects. This standard is designed to help organizations manage and protect personally identifiable information (PII) effectively, ensuring compliance with privacy …
Improving Enterprise Patching for General IT Systems
This NIST publication addresses the critical challenge of patch management in cybersecurity. Authored by experts from the National Cybersecurity Center of Excellence (NCCoE) at NIST and collaborators from various organizations, including Microsoft and The MITRE Corporation, the publication provides practical guidance for enhancing patching practices within IT systems. The …
CISA Launches Project to Assess Effectiveness of Security Controls
In an article by Phil Muncaster, the US Cybersecurity and Infrastructure Security Agency (CISA) is reported to have relaunched the Cybersecurity Insurance and Data Analysis Working Group (CIDAWG). Initially founded in 2016, the renewed focus of CIDAWG, as explained by CISA deputy director Nitin Natarajan, is to foster collaboration with the industry to understand better which …
Book Review: “Mastering Information Security Compliance Management”
"Mastering Information Security Compliance Management: A comprehensive handbook on ISO/IEC 27001:2022 compliance" by Adarsh Nair is an in-depth guide designed for information security professionals. The book focuses on the ISO/IEC 27001:2022 and ISO/IEC 27002:2022 standards. It is intended for those responsible for implementing, auditing, and managing ISMSs, including security …
Webinar: An Introduction to SEC Cybersecurity Disclosure Rules
The webinar transcript on the SEC's new cybersecurity disclosure rules provided an in-depth discussion of the latest compliance requirements and strategies for addressing the escalating cyber threat landscape. The rules necessitate annual disclosure of cybersecurity risk management strategies and significant incidents applicable to various organizations, including domestic …
IoT Security Labeling Improving, But More Collaboration Needed
In the article "IoT Security Labeling Improving, But More Collaboration Needed," Steve Hanna writes about the recent advancement in consumer IoT device security through the U.S. Cyber Trust Mark program. Based on the criteria defined in NIST IR 8425, this program offers an objective way for consumers to identify products with a verified baseline level of security. Hanna argues …
Understanding and Enhancing the Values of ISO/IEC 27001 Internal Audit
Summary: The full article dives into the critical role of internal audits in the context of ISO 27001, a standard for Information Security Management Systems (ISMS). The article defines internal audit as an independent and objective activity essential for evaluating and improving the effectiveness of an organization's ISMS. These audits are mandatory under the ISO standard to …
Minimizing Harms and Maximizing the Potential of Generative AI
Elham Tabassi explores the complexities surrounding generative AI, such as ChatGPT, and its societal impact. The article begins by drawing parallels between the advent of social media and the emergence of generative AI tools. Just as social media brought connection and challenges, generative AI presents a mix of potential benefits and risks, including misinformation and job …
What is a System Audit Report (SAR)? – A Brief Guide
Riddika Grover's article delves into the significance of the System Audit Report (SAR) in financial data security. The article underscores SAR as a crucial strategy for combating various threats, including money laundering and geopolitical uncertainties, and highlights its importance in ensuring safe payment gateways. The main objective of this guide is to shed light on the …
Top 10 ISO 27001 Compliance Challenges and Smart Fixes for Your Business
SecureSlate's article addresses the critical challenges businesses face while complying with ISO 27001 standards. Recognizing the growing significance of digital security and the increasing rate of cyber incidents, the article emphasizes that ISO 27001 adoption is essential for businesses to protect data and comply with cybersecurity regulations. The article begins by …
ISO Standards in Documentation: Helpful or Hindering?
Rachele Augusto's article, "ISO Standards in Documentation: Helpful or Hindering?" examines the evolving role of ISO standards in technical documentation. The report begins by tracing the history of ISO (International Organization for Standardization) standards in documentation, starting from the early 20th century. It notes the introduction of ISO 216 in 1975, which …