Article Cybersecurity ECS Educational General ISO 27001

Understanding ISO 27001:2022 Annex A.8 – Asset Management

  ISO 27001:2022 Annex A.8, “Asset Management,” addresses the importance of identifying, classifying, and managing information assets within an organization. This annex emphasizes the need for organizations to establish processes for inventorying assets, assessing their value, and implementing appropriate controls to protect them. In this technical educational article, we’ll explore how to implement Annex A.8 […]

Cybersecurity ECS Educational ISO 27001

Understanding ISO 27001:2022 Annex A.7 – Human Resource Security

We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.7, “Human Resource Security”.     These controls address the critical role that personnel play in information security within an organization. This annex emphasizes the need for organizations to implement measures […]

Article Cybersecurity ECS Educational General ISO 27001

Understanding ISO 27001:2022 Annex A.6 – Organization of Information Security

We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. We start today with ISO 27001:2022 Annex A.6, “Organization of Information Security”, which outlines requirements for establishing an effective management framework to govern information security within an organization. This annex emphasizes the importance of defining roles, responsibilities, […]

Cybersecurity ECS Educational ISO 27001

Understanding ISO 27001:2022 Annex A.5 – Information Security Policies

We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. We start today with A.5. Information Security Policies.     Importance of Information Security Policies Information security policies are crucial components of any organization’s cybersecurity framework. They provide guidelines and principles for safeguarding sensitive information, […]

Cybersecurity ECS General ISO 27001

Annex A of ISO 27001:2022 explained and tips to prepare for an audit

We wrote in the previous article ISO 27001:2022: chapter by chapter description about ISO 27001:2022 Annex A. Annex A of ISO 27001:2022 is a vital component of the standard, outlining a comprehensive set of controls that organizations can implement to mitigate information security risks effectively. These controls cover a wide range of areas, including physical security, […]

Cybersecurity ECS Educational ISMS

The ISO 27000 family of protocols and their role in cybersecurity

The ISO 27000 family of protocols represent a series of standards developed by the International Organization for Standardization (ISO) to address various aspects of information security management. These standards provide a framework for organizations to establish, implement, maintain, and continually improve their information security management systems (ISMS). Each standard within the ISO 27000 family serves […]

Article Cybersecurity ECS Educational General Security

Risk Assessment of AWS services used in building a resilient Web App on AWS

We wrote here in the article “Building Resilient Web Applications on AWS: A Comprehensive Approach to Security” how to use certain AWS services to implement a resilient web based application. The services mentioned require also a brief analysis in respect to Security, Confidentiality, Integrity, Availability and Privacy.   CloudTrail AWS CloudTrail records API calls and creates […]