We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.15, “Supplier Relationships”, which is crucial for organizations in order to ensure the security of information assets shared with external suppliers. This annex provides guidelines for managing supplier relationships effectively to mitigate […]
What is it? Malvertising : Malware delivered through Advertising. These corrupted ads are designed to appear legitimate but they may serve malicious code, which can infect a user’s device simply through viewing or clicking on the ad. Malvertising exploits the expansive reach and complex supply chains of online advertising networks, enabling attackers to deliver […]
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.14, “System Acquisition, Development, and Maintenance”, which addresses the importance of ensuring the security of information systems throughout their lifecycle, from acquisition and development to maintenance and disposal. This annex provides […]
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.13, “Communications Security”, which addresses the importance of securing information during its transmission over communication networks. This annex provides guidelines for implementing controls to protect the confidentiality, integrity, and availability of […]
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.12, “Operations Security”, which focuses on ensuring secure operations of information systems and assets. This annex provides guidelines for implementing controls to manage day-to-day operations, protect against security incidents, and maintain the […]
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.11, “Physical and Environmental Security”, which addresses the importance of protecting physical assets, facilities, and infrastructure that house information systems and assets. This annex provides guidelines for implementing controls to safeguard […]
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.10, “Cryptography”, which plays a vital role in ensuring the confidentiality, integrity, and authenticity of sensitive information. This annex provides guidelines for implementing cryptographic controls to protect data assets from unauthorized access, […]
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.9, “Access Control”. Access control is a fundamental component of information security management systems (ISMS). It provides guidelines for implementing controls to ensure that only authorized individuals have access to information […]
ISO 27001:2022 Annex A.8, “Asset Management,” addresses the importance of identifying, classifying, and managing information assets within an organization. This annex emphasizes the need for organizations to establish processes for inventorying assets, assessing their value, and implementing appropriate controls to protect them. In this technical educational article, we’ll explore how to implement Annex A.8 […]
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.7, “Human Resource Security”. These controls address the critical role that personnel play in information security within an organization. This annex emphasizes the need for organizations to implement measures […]
