Secaware 28 views Claim this Business♡

This guideline supports ISMS auditors with pragmatic advice on two key aspects: The kinds of evidence typically sought during an ISMS audit i.e. documents and information in other forms (e.g. expressed verbally in audit interviews). Only some of this is formally mandated by the standard, with the re...

Aside from the direct, immediate impacts (losses and costs) and effects on business systems, networks and data, cyber incidents may have devastating business consequences if supply chains, perhaps even whole industries and nations are affected. Cyber risk is an increasingly significant concern to vi...

This module focuses on exploiting and protecting valuable information in a broad range of working situations - not just traditional offices but workers in other locations and situations such as: Farms, mines, trawlers … (primary production); Factories and workshops; Warehouses and distribution cen...

Working from home, on-the-hoof, or more generally working in temporary and transient locations, changes the information risks compared to working in purpose-built corporate offices. Mostly, the risks increase in line with the complexities of remote access, portability and physical dispersion … but...

Widespread in the public, corporate and personal domains, surveillance is both a valuable monitoring control and a privacy/human rights concern, depending on your perspective. This SecAware awareness and training module explores the information risk and security, privacy and human rights angles to s...

The sheer variety of social engineering scams, cons and frauds is one of the key messages in this awareness and training module. This SecAware module concerns: Social engineering attacks including phishing, spear-phishing, Business Email Compromise and many more; The use of pretexts, spoofs, masquer...

ISMS Orbit is a substantial bundle of documentation supporting the establishment of an ISO/IEC 27001 Information Security Management System. These are generic templates (Microsoft Office files) for various discretionary materials, supplementing and extending the SecAware Launchpad and Take-off packa...

SecAware ISMS Take-off is a ‘toolkit’, a substantial bundle of documentation supporting the establishment of an ISO/IEC 27001:2022 Information Security Management System. The Take-off materials are primarily intended for managers. An ISO27k ISMS is, after all, a management system. These are gene...

This awareness and training module concerns conceptual or architectural frameworks, standards, methods and good practices in the area of information risk and security – ‘security frameworks’ or ‘frameworks’ for short. Both the organization and individual workers are obliged to comply with ...

~5-page checklist covering 11 categories of information asset Control 5.9 in ISO/IEC 27002: 22 recommends an inventory of information assets that should be “accurate, up to date, consistent and aligned with other inventories". Fair enough, but what are 'information assets'? The standard refers eni...

Although “insider threat" is a commonplace term, it is a misnomer. “Insider risk" would more accurate since there is more to this than the threat posed by insiders. “Insiders" in this context are primarily employees - both staff and management - of the organization, those on its payroll. “Ou...

‘Information protection’ is a vague title for an awareness module … which gives us (and you!) plenty of latitude in the scope. Information is a valuable yet vulnerable resource. We rely on information to communicate and find out about things, to learn and be entertained, to express ourselves a...

Despite our best efforts to avoid or prevent incidents and avert disasters, they remain a possibility. Being prepared puts us in a better position to survive and thrive, keeping essential business processes and systems running despite the event (continuity and resilience), recovering non-essential o...

Hackers range between fabulous allies and dastardly opponents, depending on their skills and, in particular, their ethics and motivation. They are the good, the bad and the ugly of information security. At the good end of the scale, white-hat hackers are actively exploring and expanding IT. Hacking,...

The information risks and security controls associated with email are the focus of this module, plus (to some extent) security issues relating to other forms of interpersonal or person-to-person communications such as the telephone, SMS/text messaging and chat-type applications such as Skype and Ins...

IT systems, devices and networks can be the targets of crime as in hacking, ransomware and computer fraud. They are also tools that criminal use to research, plan and coordinate their crimes. Furthermore, criminals use technology routinely to manage and conduct their business, financial and personal...

This awareness and training module explores cybersecurity, a problematic term. Despite being bandied about, it is rarely defined and often misunderstood. It encompasses issues ranging from IT and network security in general up to cyberwar - an extreme range that people don't usually appreciate. To t...

This awareness and training module delves into the monitoring/oversight and enforcement aspects of compliance - 'playing by the rules'. Both the organization as whole, and workers individually, are obliged to comply with various rules concerning information security. Some rules are imposed on us by ...

This module raises awareness of the information risks and security controls associated with cloud computing. Cloud computing is a strong and still growing part of the IT industry. It’s a hit! The relative novelty of cloud computing puts naïve managers, staff and professionals at a disadvantage: w...

Bring Your Own Device is, at face value, simply a matter of workers using their laptops, tablet PCs and smartphones for business purposes. Scratch beneath the surface, however, to reveal a number of information security and privacy issues. The distinction between ownership and control of the data ve...

This awareness module explains Business Continuity Management as an approach to save the business and save lives. When the chips are down, whether and how well the organization and its people survive serious incidents depends on their readiness, resources and resilience - three aspects that can be b...

Assurance is a valuable, generally-applicable form of information security control. Assurance measures increase confidence in things, generating trust by checking, reviewing, testing, auditing and generally poking into situations. Although this is an unusual topic, assurance is a widespread issue, s...

The security and privacy concerns associated with software make this an important awareness and training topic, relevant to staff. management and professionals alike. Applications are all the rage – well mobile “apps" anyway. Users of iThings and no end of shiny little eToys can’t resist downl...

ISMS Launchpad is a starter kit supporting the launch of a basic Information Security Management System. It is a set of templates for the essential (mandatory) documentation - the ISMS scope, RTP, SoA, information security policy and the rest. These are straightforward generic templates (Microsoft O...