Secaware 29 views Claim this Business♡

This guideline supports ISMS auditors with pragmatic advice on two key aspects: The kinds of evidence typically sought during an ISMS audit i.e. documents and information in other forms (e.g. expresse...

Aside from the direct, immediate impacts (losses and costs) and effects on business systems, networks and data, cyber incidents may have devastating business consequences if supply chains, perhaps eve...

This module focuses on exploiting and protecting valuable information in a broad range of working situations - not just traditional offices but workers in other locations and situations such as: Farms...

Working from home, on-the-hoof, or more generally working in temporary and transient locations, changes the information risks compared to working in purpose-built corporate offices. Mostly, the risks...

Widespread in the public, corporate and personal domains, surveillance is both a valuable monitoring control and a privacy/human rights concern, depending on your perspective. This SecAware awareness...

The sheer variety of social engineering scams, cons and frauds is one of the key messages in this awareness and training module. This SecAware module concerns: Social engineering attacks including phi...

ISMS Orbit is a substantial bundle of documentation supporting the establishment of an ISO/IEC 27001 Information Security Management System. These are generic templates (Microsoft Office files) for va...

SecAware ISMS Take-off is a ‘toolkit’, a substantial bundle of documentation supporting the establishment of an ISO/IEC 27001:2022 Information Security Management System. The Take-off materials ar...

This awareness and training module concerns conceptual or architectural frameworks, standards, methods and good practices in the area of information risk and security – ‘security frameworks’ or...

~5-page checklist covering 11 categories of information asset Control 5.9 in ISO/IEC 27002: 22 recommends an inventory of information assets that should be “accurate, up to date, consistent and alig...

Although “insider threat" is a commonplace term, it is a misnomer. “Insider risk" would more accurate since there is more to this than the threat posed by insiders. “Insiders" in this context ar...

‘Information protection’ is a vague title for an awareness module … which gives us (and you!) plenty of latitude in the scope. Information is a valuable yet vulnerable resource. We rely on infor...

Despite our best efforts to avoid or prevent incidents and avert disasters, they remain a possibility. Being prepared puts us in a better position to survive and thrive, keeping essential business pro...

Hackers range between fabulous allies and dastardly opponents, depending on their skills and, in particular, their ethics and motivation. They are the good, the bad and the ugly of information securit...

The information risks and security controls associated with email are the focus of this module, plus (to some extent) security issues relating to other forms of interpersonal or person-to-person commu...

IT systems, devices and networks can be the targets of crime as in hacking, ransomware and computer fraud. They are also tools that criminal use to research, plan and coordinate their crimes. Furtherm...

This awareness and training module explores cybersecurity, a problematic term. Despite being bandied about, it is rarely defined and often misunderstood. It encompasses issues ranging from IT and netw...

This awareness and training module delves into the monitoring/oversight and enforcement aspects of compliance - 'playing by the rules'. Both the organization as whole, and workers individually, are ob...

This module raises awareness of the information risks and security controls associated with cloud computing. Cloud computing is a strong and still growing part of the IT industry. It’s a hit! The re...

Bring Your Own Device is, at face value, simply a matter of workers using their laptops, tablet PCs and smartphones for business purposes. Scratch beneath the surface, however, to reveal a number of i...

This awareness module explains Business Continuity Management as an approach to save the business and save lives. When the chips are down, whether and how well the organization and its people survive...

Assurance is a valuable, generally-applicable form of information security control. Assurance measures increase confidence in things, generating trust by checking, reviewing, testing, auditing and gen...

The security and privacy concerns associated with software make this an important awareness and training topic, relevant to staff. management and professionals alike. Applications are all the rage –...

ISMS Launchpad is a starter kit supporting the launch of a basic Information Security Management System. It is a set of templates for the essential (mandatory) documentation - the ISMS scope, RTP, SoA...