The webinar covers:
• An overview of Cybersecurity
• Explaining the relationship between Cybersecurity and other types of security
• Guidance for addressing common Cybersecurity issues.
• Convincing stakeholders to collaborate on resolving Cybersecurity issues.
Presenter:
This webinar was presented by PECB Partner and Trainer Mr. Fabrice DePaepe, who is Managing Director at Nitroxis Sprl and has more than 15 years of experience in IT and Information Security.
Link of the recorded session published on YouTube: https://youtu.be/fQUSQEoLsYc
Just created a slideshare presentation giving a basic introduction to ISO27001 and its Scope, Implementation & Application. You can see more slideshows on http://www.slideshare.net/ImranahmedIT or visit my website: http://imran-ahmed.co.uk
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know (PECB)
New data protection regulations have significantly impacted the way that businesses collect, store, and handle clients’ personal information.
Considering the continuously increasing importance of data protection and privacy in today’s world, businesses should be up to speed with their data privacy policies and procedures.
The webinar covers:
1. ISO/IEC 27001 – Information Security Framework: key requirements under CCPA, CPRA, GDPR
• ISO/IEC 27005 – Information Security Risk Management
• ISO/IEC 27035 – Information Security Incident Management
• ISO/IEC 22301 & 27031 - Business Continuity Management (BCM)
2. Alternative Frameworks
• CMMC - Cybersecurity Maturity Model Certification
• NIST CSF Cybersecurity Framework
• ISO/IEC 27032 – Guidelines for Cybersecurity
3. Supplier Management
Date: April 21, 2021
Recorded Webinar: https://youtu.be/bi3tvvhGV1s
Improve Cybersecurity posture by using ISO/IEC 27032 (PECB)
Cybersecurity is a universal concern across today’s enterprise, and a strategic approach is required for appropriate mitigation.
Adopting ISO 27032 will help to:
• Understand the nature of Cyberspace and Cybersecurity
• Explore Cybersecurity Ecosystem – Roles & Responsibilities
• Achieve Cyber Resilience through implementing defensive and detective cybersecurity controls
Presenter:
Obadare Peter Adewale is a first generation and visionary cyberpreneur. He is a PECB certified Trainer, Fellow Chartered Information Technology Professional, the First Licensed Penetration Tester in Nigeria, second COBIT 5 Assessor in Africa and PCI DSS QSA. He is also an alumnus of Harvard Business School and MIT Sloan School of Management Executive Education.
Link of the recorded session published on YouTube: https://youtu.be/NX5RMGOcyBM
Here are some small steps to achieve ISO 27001 implementation.
I believe ISO 27001/2 is a key to establishing security in organizations and helps companies keep the whole ISMS program running, aligned with continuous improvement.
ISO 27001 has been identified by the ICO and recognized by GCHQ/NCSC in the past as the key standard to support GDPR.
The security of information systems and business-critical information needs constant managing to ensure your operational continuity and data protection. ISO 27001 Information Security Management Systems certification allows you to stand out from the competition through strong information security measurement.
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences (PECB)
After the last 2020 Global Leading Voices webinar, which compared ISO 27001 with the CCPA and the NYC Shield Act, we're taking a look at the next level of information and cybersecurity management.
How can you assess your security management? The CMMI model (using the 1 to 5 grading) is a well-known system. In early 2020 the US DoD launched the CMMC (Cybersecurity Maturity Model Certification), which uses the same levels for cybersecurity. In this session we'll discuss the maturity evaluation principles for information security, cybersecurity and application security, and how you can use them in practice.
The webinar covers:
- What's the CMMI?
- What's the CMMC?
- Maturity in security governance (ISMS, cyber, application)
- Security maturity vs audit cycles
Recorded Webinar: https://youtu.be/9BpETh_nAOw
Introduction to Risk Management via the NIST Cyber Security Framework (PECB)
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlights opportunities for expanded application to cyber, physical, and personnel security risks. The NIST CSF can help practitioners build a cross-pollinated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certified Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard (PECB)
In this session, we looked into the ISO/IEC 27701 standard, which was published in August 2019. This standard glues together ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and their sub-standards with the GDPR.
For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
• Walkthrough of the ISO/IEC 27701
• Links with ISO/IEC 2700x series standards, ISO 29100 series...
• ISO/IEC 2700x and GDPR mapping
• Audit & certification
Presenter:
Our presenter for this webinar, Peter Geelen, is director and managing consultant at CyberMinute and Owner of Quest For Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture and Identity & Access management, but also in privacy, information & data protection, and cyber- and cloud security. In the last few years, his focus has been on ISO/IEC 27001 and other ISO certification mechanisms.
Peter is an accredited Lead Auditor for ISO/IEC 27001/ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified Sr. Lead Cybersecurity Manager, ISO/IEC 27001 Master, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, CDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Date: December 04, 2019
The recorded webinar: https://www.youtube.com/watch?v=ilw4UmMSlU4&feature=emb_logo
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Google +: https://plus.google.com/+PECBGroup
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
The ISO27001 standard was revised and a new version was published in 2013. ISO27001 is also becoming a more common Information Security standard among service providers. This presentation focuses on the changes in the 2013 version and on the process for implementing and getting certified for ISO27001.
Following are the key objectives of this presentation:
• Provide an introduction to ISO27001 and the changes in the 2013 version
• Discuss the implementation approach for an Information Security Management System (ISMS) framework
• Familiarize the audience with some common challenges in implementation
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a... (PECB)
To protect your organization from cyber attacks, you need to implement a robust information security management system (ISMS) and business continuity management system (BCMS) based on international standards, such as ISO/IEC 27001 and ISO 22301.
Amongst others, the webinar covers:
• Why we need a cyber response plan to protect business operations
• Introduction to ISO/IEC 27001 and ISO 22301
• What do we need for a cyber security response plan?
• How do we develop a cyber security response plan?
Presenters:
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG.
Nick’s career in cyber security spans nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant.
In particular, as Group Head of Information Risk for PwC, Nick designed and implemented best-practice solutions that made good business sense, prioritised key risks to the organisation and helped minimise disruption to ongoing operations. Whilst at the ISF, Nick led their information risk projects and delivered many of the consultancy engagements that help organisations implement leading thinking in information risk management.
Nick's combined experience as a cyber risk researcher and practitioner designing and implementing risk-based solutions places him as a leading cyber risk expert. Prior to cyber security, and after graduating from UCNW and Oxford Brookes, Nick was a geophysicist in the Oil and Gas Industry.
Simon Lacey
Simon is a resourceful, creative Information & Cyber Security professional with a proven track record of instigating change, disrupting the status quo, influencing stakeholders and developing ‘big picture’ vision across business populations. He has experience in multiple industries, excels in building stakeholder engagement & consensus, and supports organisations in making sustainable change.
Simon also has considerable experience of risk management, education and awareness, strategy development and consulting to senior management and is a confident and engaging public speaker.
Simon has previously worked within the NHS, the Bank of England and BUPA, before setting out as an independent consultant and forming Oliver Lacey Limited, supporting clients in multiple business sectors.
When not working, Simon loves to run – currently training for the Berlin Marathon, a Director of Aylesbury United Football Club, records vlogs and is an experienced standup comic.
Date: April 26, 2023
YouTube video: https://youtu.be/i4qx5mjEqio
[To download this complete presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
ISO/IEC 27001:2022 is the latest internationally-recognised standard for Information Security Management Systems (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It provides a robust framework to protect information that can be adapted to all types and sizes of organization. Organizations that have significant exposure to information-security related risks are increasingly choosing to implement an ISMS that complies with ISO/IEC 27001.
This ISMS awareness PPT presentation material is designed for organizations that are embarking on ISO/IEC 27001:2022 implementation and need to create awareness of information security among their employees.
LEARNING OBJECTIVES
1. Acquire knowledge on the fundamentals of information security
2. Describe the ISO/IEC 27001:2022 structure
3. Understand the ISO/IEC 27001:2022 implementation and certification process
4. Gather useful tips on handling an audit session
Hosted by Alan Calder, CEO and founder of Vigilant Software and an acknowledged information security risk assessment and management thought leader, this session explains and discusses: What is information security? What is an information security management system (ISMS)? What is ISO 27001? Why should I and my organisation care about ISO 27001?
ISO/IEC 27001 Foundation Training Course by Interprom (Mart Rovers)
What is involved with the ISO/IEC 27001 Foundation certification training course? Learn about the course curriculum, target audience, duration, formats, exam, fees and much more.
Implementing a Cyber Security Program Framework from ISO 27032 to ISO 55001 (PECB)
This webinar explains how ISO 27032 relates to ISO 55001 and how the two standards cover one another. It also provides more information on Cybersecurity, which is receiving increasing attention in the security industry nowadays.
Main points covered:
• Protection of assets in Cyberspace
• Covering ISO 27032 in ISO 55001 and ISO 55001 in ISO 27032
• Sample cybersecurity risks to assets
• Highlights of the implementation of the Cyber Security Program Framework
Presenter:
This webinar was presented by PECB Partner and Trainer Mr. Claude Essomba, who is a Managing Director at GETSEC SARL, and has more than 9 years of experience in IT and Information Security.
Link of the recorded session published on YouTube: https://youtu.be/_280jG77iKY
And what is the real impact?
- Introduction
- Changes in ISO 27001:2013
- ISMS certification process
- Setting up an ISMS
- Risk management
- Supplier contracts / market standards
Speakers:
Name: Reinier van Es
Role: Business Development & Project Manager
Name: ir. Marco Bom, CISSP
Role: Lead assessor ISMS/QMS
More information: http://www.lrqa.nl/normen/86850-iso27001.aspx
Training on ISO 27001: http://www.lrqa.nl/Onze-diensten/training/lrqa-all-training-courses/Informatiebeveiliging.aspx
Talk that Prof. Mustaque Ahamad from GaTech gave at Global Cybersecurity Leaders Program http://www.cisoacademy.com/gclp2-prof-mustaque-ahamad-april-2015/
BCP/DR – Grant Thornton LLP (Danny Miller), Vfinal (Danny Miller)
In light of the hurricane coming up the east coast of the U.S., Grant Thornton has a holistic approach to business continuity and disaster preparedness.
A Year of Cloud First: Lessons Learned (Mike Chapple)
Notre Dame is a year into our Cloud First journey. In this webcast, I shared some of the lessons we've learned along the way. Changing the culture and building a migration plan are two critical building blocks for a successful transition.
The ability to effectively maintain compliance while operating in the cloud has become critical to Life Sciences organizations.
Learn more about the advantages, challenges and benefits of operating in the cloud in this eBook:
Accelerate Your GxP Compliance in the Cloud: What to Expect From Your Technology Provider
Read More: http://ap.pn/2fFlCj0
We will talk about how people perceive cloud computing and how to link it with a cybersecurity plan. Is cybersecurity compatible with public clouds?
Main points that will be covered:
• Examples of cybersecurity techniques/ technologies
• What is cloud computing – different types of cloud
• Measures to take when working with cloud computing
• Examples of technologies adapted to “secure the cloud”
Presenter:
Eric Fourn is a security and virtualization / cloud professional with more than 12 years of experience. He holds certifications in virtualization and security. He is also a certified instructor for virtualization technologies and a PECB trainer. He wrote a book on VMware vSphere 5 (ENI editions).
Link of the recorded session published on YouTube: https://youtu.be/Dp6YF7BagQc
In this presentation from IVT's Qualifying and Validating Cloud and Virtualized IT Infrastructures, Chris Wubbolt and John Patterson focus on current trends in cloud computing environments, including aspects of cloud computing and Software-as-a-Service (SaaS) providers that may be of interest to US Food and Drug Administration investigators during an FDA inspection. Important compliance related points to consider for software vendors as they shift to becoming SaaS providers are discussed. The presentation also reviews the pros and cons of cloud computing from a business and compliance perspective, including differences between traditional computing environments and private/public clouds. Examples of issues to consider when using cloud computing environments and SaaS providers are also discussed.
Cyber Security Awareness of Critical Infrastructures in North East of Italy S... | Luca Moroni
Critical Infrastructures (IC) are essential elements in our economic and social life. Cyber incidents in such organizations could create a “domino effect”. This must be an important concern in a National Cyber Security Policy. Now EU Cybersecurity Act
Enhancing Cybersecurity with VAPT for IT Industries and ISO 27001 Compliant O... | ShyamMishra72
In today's rapidly evolving digital landscape, cybersecurity has become a top priority for organizations across all industries, especially those operating in the information technology (IT) sector. With the ever-increasing threat of cyberattacks and data breaches, it is essential for IT industries and organizations striving for ISO 27001 compliance to adopt robust security measures to safeguard their sensitive data and protect against potential vulnerabilities. One such crucial security practice is Vulnerability Assessment and Penetration Testing (VAPT).
Vulnerability Assessment and Penetration Testing, commonly referred to as VAPT, is a proactive approach to identifying and addressing security vulnerabilities within IT systems, networks, and applications. It involves a comprehensive assessment of an organization's digital infrastructure to identify weaknesses that could be exploited by cybercriminals. VAPT consists of two main components:
ISACA SLOVENIA CHAPTER October 2016 - Ljubljana | Luca Moroni
Talk Luca Moroni - Via Virtuosa
Cyber security awareness of critical infrastructures in N/E of Italy: scenarios and guidelines for self-assessment
Awareness of web security and critical infrastructure in northern Italy: scenarios and guidelines on how to carry out a self-assessment
GDPR and ISO 27001 - how to be compliant | Ilesh Dattani
Being GDPR compliant by using a long-standing international standard and obtaining accreditation. Demonstrate GDPR compliance: accreditation provides a means to show that you are in line with standard procedures and processes.
Join us on our upcoming BYOP (Bring Your Own Pizza) "Application Security Meetup" to hear about the latest cyber security breaches, trends and technologies in modern application development.
Agenda:
17:00 - 17:10 - Opening words - by Lior Mazor (Organizer)
17:10 - 17:35 - 'Recent cyber security attacks in Israel' - by Lior Mazor (Organizer)
17:35 - 18:00 - ‘How to deliver a secure product’ - by Michael Furman (Tufin)
18:00 - 18:30 - 'Hacking serverless - Introduction to Serverless Application Security' - by Yossi Shenhav (Komodo)
18:30 - 19:00 - ‘Post Apocalypse: Exploiting web messaging implementations’ - by Chen Gour-Arie (enso security)
ITrust’s foundation was built on the expertise of our engineers and security consultants. Historically, the company has been dedicated to hiring the best engineers out there and to working on complex IT security issues in penetration testing, extended enterprise PKI for various aerospace accounts, mobile security management and so on.
Module 6: Standards for Information Security Management
Information Security Management Systems (ISMS) - ISO 27001 - Framing Security Policy of Organization - Committees - Security Forum, Core Committee, Custodian and Users, Business Continuity Process Team & Procedure - Information Security Auditing Process. IT Security Incidents
Presentation by Soumya Mondal, on "Information Security: Importance of having defined policy & process" at "Braindigit 9th National ICT Conference 2013" organized by Information Technology Society, Nepal at Alpha House, Kathmandu, Nepal on 26th January, 2013
Policy Information - Policy Name __________________________ ID _.docx | stilliegeorgiana
Policy Information
Policy Name: __________________________ ID: ______________ Type: ☐ Internet, ☐ Networks, ☐ Systems, ☐ Information
Company/Agency/Organization: ___________________________________ Date: _____________
Team Name: _______________________________ Project Lead: ___________________________
Chief Executive Officer (CEO): ______________________
Role(s): Define your role(s) for this policy
Chief Info Security Officer (CISO): ___________________
Role(s): Define your role(s) for this policy
Senior Security Engineer (SSE): _____________________
Role(s): Define your role(s) for this policy
Policy Details:
1. Statement of policy
2. Authorized Access and usage equipment
3. Prohibited use of equipment
4. Systems management
5. Violations of policy
6. Policy review and modification
7. Limitations of liability
Table 4-2 Components of an ISSP (Source: Whitman, Townsend, and Aalberts, Communications of the ACM)
Components of an ISSP
1. Statement of policy
a. Scope and applicability
b. Definition of technology addressed
c. Responsibilities
2. Authorized access and usage of equipment
a. User access
b. Fair and responsible use
c. Protection of privacy
3. Prohibited use of equipment
a. Disruptive use or misuse
b. Criminal use
c. Offensive or harassing materials
d. Copyrighted, licensed, or other intellectual property
e. Other restrictions
4. Systems management
a. Management of stored materials
b. Employee monitoring
c. Virus protection
d. Physical security
e. Encryption
5. Violations of policy
a. Procedures for reporting violations
b. Penalties for violations
6. Policy review and modification
a. Scheduled review of policy procedures for modification
b. Legal disclaimers
7. Limitations of liability
a. Statements of liability
b. Other disclaimers as needed
Figure 1 Spheres of Security
Table 4-4 ISO 27000 Series Current and Planned Standards
ISO 27000 Series Standard | Title or Topic | Comment
27000 | Series Overview and Terminology | Defines terminology and vocabulary for the standard series
27001:2013 | Information Security Management System Specification | Drawn from BS7799:2
27002:2013 | Code of Practice for Information Security Management | Renamed from ISO/IEC 17799; drawn from BS7799:1
27003:2010 | Information Security Management Systems Implementation Guidelines | Guidelines for project planning requirements for implementing an ISMS
27004:2009 | Information Security Measurements and Metrics | Performance measures and metrics for information security management decisions
27005:2011 | ISMS Risk Management | Supports 27001, but doesn't recommend any specific risk method
27006:2011 | Requirements for Bodies Providing Audit and Certification of an ISMS | Largely intended to support the accreditation of certification bodies providing ISMS certification
27007:2011 | Guideline for ISMS Auditing | Focuses on management systems
27008:2011 | Guideline for Information Security Auditing | Focuses on security controls
27009:Draft | Sector-specific application of ISO/IEC 27001 | Guidance for th ...
IT Governance will help you shift the state of your cyber security by improving your defences against a broad range of attacks, and reducing the risk and impact of incidents.
Cybersecurity concepts & Defense best practices | WAJAHAT IQBAL
This presentation is an attempt to present the complex subject of Cybersecurity in a concise format, with the main focus on presenting the core of Cybersecurity and the best practices and standards to protect an enterprise network. Comments from readers are welcome. Thank you (Wajahat Iqbal)
Email: Wajahat_Iqbal@yahoo.com
Major global information security trends - a summary | SensePost
Presentation by Luc de Graeve at internetix in 2004.
This presentation is a summary of global information security trends in the business environment. The presentation begins with an introduction to major global trends. Legal issues, threats, technologies and solutions are discussed.
Similar to PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
Beyond the EU: DORA and NIS 2 Directive's Global Impact | PECB
The global implications of DORA and NIS 2 Directive are significant, extending beyond the European Union.
Amongst others, the webinar covers:
• DORA and its Implications
• NIS 2 Directive and its Implications
• How to leverage directive and regulation as a marketing tool and competitive advantage
• How to use new compliance framework to request additional budget
Presenters:
Christophe Mazzola - Senior Cyber Governance Consultant
Armed with endless Excel files, a meme catalog worthy of the best X'os (formerly twittos), and a risk register to make your favorite risk manager jealous, I swapped my computer scientist cape a few years ago for that of a (cyber) threat hunter with the honorary title of CISO.
Ah, and I am also a quadruple senior certified ISO27001/2/5. Not bad, eh? That's French.
Malcolm Xavier
Malcolm Xavier has been working in the digital industry for over 18 years now. He has worked with global clients in South Africa, the United States and the United Kingdom. He has achieved many professional certifications such as CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3, etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Date: April 25, 2024
Tags: Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: Digital Operational Resilience Act (DORA) - EN | PECB
NIS 2 Directive - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity | PECB
In an era where digital transformation is inevitable, the landscape of cybersecurity is constantly evolving.
Amongst others, the webinar covers:
• DORA and its Implications
• ISO/IEC 27005: Risk Management in Information Security
• Leveraging Artificial Intelligence for Enhanced Cybersecurity
Presenters:
Geoffrey L. Taylor - Director of Cybersecurity
Geoffrey Taylor brings a wealth of experience from multiple roles within various industries throughout his career. As a Certified ISO 27001 Implementer and Auditor, as well as certified ISO 27005, CISM and CRISC, he brings a unique perspective on cybersecurity strategy, risk management and the implementation of an Information Security Management System, having helped multiple organizations in aligning their strategy based on their threat landscape.
Martin Tully - Senior Cyber Governance Consultant
Martin is a Senior Consultant at CRMG with over twenty years of experience, and has previously been employed at two of the ‘Big Four’ professional services firms. Martin has worked across most industry sectors in the development of best practice guidance and risk analysis methodologies. Martin is also accomplished at: leading the implementation of an ISMS; delivering a number of information risk assessments; reviewing information security policies; assessing security requirements across the supply chain; and updating a complete framework of supporting standards. Prior to the ISF, Martin’s roles have included delivering operational risk reporting, running research projects and benchmarking information security investments for major clients. Martin holds a Bachelor's degree from Royal Holloway, University of London.
Date: March 27, 2024
Tags: ISO, ISO/IEC 27005, ISO/IEC 42001, Artificial Intelligence, Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27005 Information Security Risk Management - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
YouTube video: https://youtu.be/ffX-Xbw7XUk
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance | PECB
In today’s rapidly evolving world, where Artificial Intelligence (AI) not only drives innovation but also presents unique challenges and opportunities, staying ahead means being informed.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 42001 and their key components
• Latest trends in AI Governance
• Ethical AI practices
• Benefits of Certification
Presenters:
Jeffrey Bankard - Cybersecurity & AI Leader, AI Management Systems: ISO/IEC 42001
Jeffrey provides executive leadership for AI product creation through the product incubation unit (PIU). He ensures the timely delivery of AI consulting engagements through cross-functional teams of senior information and network security leaders, establishing strategic goals for improving the security architecture and risk posture of clients. He consults with business leaders to define key performance indicators and service levels, fosters employee development through mentoring and coaching, and decides how to achieve results within the organization’s strategic plans, policies, and guidelines. He develops new products and secures them according to current AI security guidelines (ISO 42001).
Adrian Resag - Experienced in Risk and Control - ISO/IEC 27001 and ISO/IEC 42001
Adrian believes a stimulating career can span many disciplines and that leading organizations value versatile professionals. He has enjoyed managing teams spanning the globe by working in world-leading organizations as Chief Audit Executive, Head of Risk Management, Information Systems Auditor, Head of Internal Control, as a consultant, a statutory auditor and an accountant. To allow such a diverse career, his approach has been to pursue certifications in many fields (making him one of the most qualified and certified in some of them). He has written books and created professional certifications in audit & assurance and compliance & ethics, and teaches in subjects from information security to risk management. With a passion for education, Adrian founded an educational institution and has taught tens of thousands of students and professionals online, in companies, universities and in governmental organizations.
Date: February 28, 2024
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
YouTube video: https://youtu.be/DujXaxBhhRk
The importance of a robust cybersecurity strategy cannot be overstated. Learning about the effective measures to be taken and the tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27002 and ISO/IEC 27032 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• CMMC Frameworks
Presenters:
Dr. Oz Erdem
Governance, Risk and Compliance (GRC) consultant, trainer, auditor, and speaker
Dr. Erdem has over 25 years of experience in information security, trade compliance, data privacy, and risk management. He took leadership roles in governance and compliance at various Fortune 100-500 companies and SMBs, including Siemens Corporation, Siemens Industry, Linqs, Texas Instruments, Rtrust, ICEsoft Technologies, NATO C3A, and BILGEM. In addition, he successfully managed software development (i.e., embedded, cloud, and SaaS) and digital product projects involving information security, mobile networks, and IoT networks. Further, Dr. Erdem led several non-profit organizations, such as the National Association of District Export Councils (NADEC), the Government Contractors Council (GovConCouncil), and the Central-North Florida District Export Council, as Chairman of the Board.
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture and Identity & Access management, but also privacy, information & data protection, and cyber and cloud security. In the last few years, his focus has been on ISO/IEC 27001 and other ISO certification mechanisms. Peter is an accredited Lead Auditor for ISO/IEC 27001 and ISO 9001, a PECB Trainer and a Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
George Usi - CEO of Omnistruct
An internet pioneer and award-winning leader in internet governance with over 25 years of experience, George Usi knows that getting hacked is not a matter of ‘if’ but ‘when’, and knows the fiscal and reputational effects that has on a business, its executives, and the board. George is the Co-Founder of Omnistruct, a cyber risk company. Omnistruct protects and expands revenue creation, reputation, and customer retention through cyber risk transference, governance, and compliance. We ensure that security and privacy programs work.
Date: January 24, 2024
YouTube Video: https://youtu.be/9i5p5WFExT4
Website: https://bit.ly/3SjovIP
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ... | PECB
As we approach the new year, the importance of a robust cybersecurity strategy cannot be overstated. Learning about the effective measures to be taken and the tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 27035 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• Best practices for building a resilient cybersecurity strategy in 2024
Presenters:
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs)
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity Playing for Change, which provides music education to children in disadvantaged regions.
Loris Mansiamina
A Senior GRC Professional consultant for small, medium and large companies. Over 10 years, Loris has been assisting clients in both public and private sectors on various matters relating to Governance, Risk Management and Compliance (GRC), digital transformation, cyber security program management, ISO 27k & ISO 20k implementation, COBIT & ITIL implementation, etc.
Date: December 19, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27035, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27035 Information Security Incident Management - EN | PECB
YouTube video: https://youtu.be/yT8gxRZD_4c
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively | PECB
In today's rapidly evolving digital landscape, the integration of artificial intelligence (AI) in business processes is becoming increasingly essential. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27005 and ISO/IEC 27001 and their key components
• The standards’ alignment
• Identifying AI risks and vulnerabilities
• Implementing effective risk management strategies
Presenters:
Sabrina Feddal
With more than 16 years of background in operational security and telecommunications as an engineer and project manager for major international companies, I founded Probe I.T in 2016 to provide my customers (both national and international) with GRC services. Winner of the 2020 jury's favorite award of CEFCYS (the main French women-in-cybersecurity association), she remains committed on a daily basis to maintaining diversity and gender diversity in her teams.
Passionate about Law, History & Cybersecurity. She has several professional certifications acquired over the course of her career: Prince2, CISSP, Lead Implementer ISO27001, Risk Manager, University degree in Cybercrime and Digital Investigation.
Her values: excellence, discretion, professionalism.
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Date: November 22, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27005, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27005 Information Security Risk Management - EN | PECB
YouTube video: https://youtu.be/TtnY1vzHzns
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re... | PECB
In today's digital age, cybersecurity is more critical than ever. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27032:2023 and ISO/IEC 27701 and their key components
• The standards’ alignment
• Emerging Cybersecurity Threats
• What is new in ISO/IEC 27032:2023
Presenters:
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Jeffrey Crump
Mr. Jeffrey Crump is the Principal Consultant at Arizona-based Cyber Security Training and Consulting LLC and a graduate of the Certified NIS 2 Directive Lead Implementer course. He is a Certified CMMC Assessor, Certified CMMC Professional, and Instructor. Mr. Crump is also the author of Cyber Crisis Management Planning: How to reduce cyber risk and increase organizational resilience. His book has been expanded into a triad of certification courses on cyber crisis planning, exercises, and leadership.
Date: October 25, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
YouTube video: https://youtu.be/a21uasr8aLs
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation | PECB
Cybersecurity is an ongoing journey. The regular update and improvement of security measures is essential to stay ahead of evolving threats.
Amongst others, the webinar covers:
• Benefits of Compliance
• Digital Transformation: Why
• ISO/IEC 27001 and ISO/IEC 27032
• ISO/IEC 27001: Information Security Management System (ISMS)
• ISO/IEC 27032: Cybersecurity Framework
Presenters:
Douglas Brush
Douglas Brush is a federally court-appointed Special Master, and Court Appointed Neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery.
He is an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues.
He is the founder and host of Cyber Security Interviews, a popular information security podcast.
Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, diversity, equity, and inclusion, in the information security industry.
Malcolm Xavier
Malcolm Xavier has been working in the digital industry for over 18 years now. He has worked with global clients in South Africa, the United States and the United Kingdom. He has achieved many professional certifications such as CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3, etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Carole Njoya
Founder in 2018 of Alcees, a Paris-based management consulting firm specialized in cybersecurity, data privacy governance and digital trust, Carole Njoya provides independent, tailored and expert advisory to companies doing business in European markets and serving both B2B and B2C customers. With more than 100 cybersecurity projects delivered, she assists entities in preparing, implementing and maintaining the right best practices under the ISO 27001 compliance framework and the GDPR article 25 obligation (Privacy by design) for their vendors. Carole Njoya featured in the « Women Know Cybersecurity » 2019 Twitter list edited by Cybercrime Magazine. Carole Njoya has been committed to science and engineering since her pre-teen years.
Date: September 27, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
YouTube video: https://youtu.be/U7tyzUrh8aI
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations | PECB
The management of AI systems is a shared responsibility. By implementing the ISO 31000 Framework and complying with emerging regulations like the EU ACT, we can jointly create a more reliable, secure, and trustworthy AI ecosystem.
Amongst others, the webinar covers:
• Understanding AI and the regulatory landscape
• AI and the threat landscape
• A risk driven approach to AI assurance - based on ISO 31000 principles
• Stress testing to evaluate risk exposure
Presenters:
Chris Jefferson
Chris is the Co-Founder and CTO at Advai. As the Co-Founder of Advai, Chris is working on the application of defensive techniques to help protect AI and Machine Learning applications from being exploited. This involves work in DevOps and MLOps to create robust and consistent products that support multiple platforms, such as cloud, local, and edge.
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG. Nick’s career in cyber security spans nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant. In particular, as Group Head of Information Risk for PwC, Nick designed and implemented best practice solutions that made good business sense, prioritized key risks to the organisation and helped minimize disruption to ongoing operations. Whilst at the ISF, Nick led their information risk projects and delivered many of the consultancy engagements that help organisations implement leading thinking in information risk management.
Nick’s combined experience as a cyber risk researcher and practitioner designing and implementing risk-based solutions places him as a leading cyber risk expert. Prior to cyber security, and after graduating from UCNW and Oxford Brookes, Nick was a geophysicist in the oil and gas industry.
Date: August 24, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/MXnHC6AvjXc
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help? (PECB)
Generative AI offers great opportunities for innovation in various industries. Hence, by adopting ISO/IEC 27032, you can enhance your cybersecurity resilience and efficiently address the risks associated with generative AI.
Amongst others, the webinar covers:
• AI & Privacy
• Generative AI, Models & Cybersecurity
• AI & ISO/IEC 27032
Presenters:
Christian Grafenauer
Anonymization expert, privacy engineer, data protection officer and LegalTech researcher (GDPR, Blockchain, AI), Christian Grafenauer is an accomplished privacy engineer, anonymization expert, and computer science specialist, currently serving as the project lead for anonymity assessments at techgdpr. With an extensive background as a senior architect in Blockchain for IBM and years of research in the field since 2013, Christian co-founded privacy by Blockchain design to explore the potential of Blockchain technology in revolutionizing privacy and internet infrastructure. As a dedicated advocate for integrating legal and computer science disciplines, Christian’s expertise in anonymization and GDPR compliance enables innovative AI applications, ensuring a seamless fusion of technology and governance, particularly in the realm of smart contracts. In his role at techgdpr, he supports technical compliance, Blockchain, and AI initiatives, along with anonymity assessments. Christian also represents consumer interests as a member of the national Blockchain and DLT standardization committee at DIN (German standardization institute) in ISO/TC 307.
Akin Johnson
Akin J. Johnson is a renowned Cybersecurity Expert, known for his expertise in protecting digital systems from potential threats. With over a decade of experience in the field, Akin has developed a deep understanding of the ever-evolving cyber landscape.
Akin is an advocate for cybersecurity awareness and frequently shares his knowledge through speaking engagements, workshops, and publications. He firmly believes in the importance of educating individuals and organizations on the best practices for safeguarding their digital assets.
Lucas Falivene
Lucas is a highly experienced cybersecurity professional with a solid base in business, information systems, information security, and cybersecurity policy-making. He is a former Fulbright scholar with a Master of Science degree in Information Security Policy and Management from Carnegie Mellon University (highest distinction) and a Master’s degree in Information Security from the University of Buenos Aires (class rank 1st). Lucas has participated in several trainings conducted by the FBI, INTERPOL, OAS, and SEI/CERT as well as in the development of 4 national cyber ISO standards.
Date: July 26, 2023
YouTube Link: https://youtu.be/QPDcROniUcc
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie... (PECB)
By embracing the importance of GDPR and leveraging ISO/IEC 27701, you can enhance your data protection practices, achieve compliance, and minimize the risk of penalties.
Amongst others, the webinar covers:
Importance of Data Protection
Understanding Data Collection and Challenges
Introduction to GDPR
Key Principles of GDPR
Who does GDPR Apply to and Its Global Implications
Introduction to ISO/IEC 27701
Implementing ISO/IEC 27701
Privacy by Design
Dealing with IT on a Daily Basis
Building Awareness and Training
Audit, Data Discovery, and Risk Assessments
Presenters:
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Lisa Goldsmith
Lisa Goldsmith is the founder of LJ Digital and Data Consultancy. Lisa has over 23 years’ experience of supporting leadership teams in membership, charity, and wider not-for-profit organisations to simplify their IT and digital strategy that allows them to sleep soundly at night, knowing their systems and processes are fit for purpose, GDPR compliant, secure and that they deliver value to staff, members, and stakeholders.
Prior to starting her own consultancy, Lisa gained extensive experience working for membership organisations and has knowledge and expertise at all levels of operations from working within careers and qualifications teams, as Membership Manager, as Head of Digital & IT for delivering large-scale digital, IT and GDPR compliance projects and serving on several Senior Leadership Teams. Lisa is also currently a Trustee of the BCLA and Groundwork East.
Date: June 27, 2023
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
YouTube video: https://youtu.be/lfJrSLaGDtc
Website: https://bit.ly/437GOnG
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu... (PECB)
The EU has implemented a range of regulations aimed at strengthening its cybersecurity posture. In this context, the ISO/IEC 27001 standard offers a comprehensive framework for managing and safeguarding sensitive information, such as personal data.
Amongst others, the webinar covers:
• Quick recap on the ISO/IEC 27001:2013 & 2022
• ISO/IEC 27001 vs legislation
• The EU Cyber Legislation landscape
• Some considerations and consequences
• How to stay on top of the ever changing context
Presenters:
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture and Identity & Access management, but also privacy, information & data protection, and cyber and cloud security. In the last few years, his focus has been on ISO/IEC 27001 and other ISO certification mechanisms. Peter is an accredited Lead Auditor for ISO/IEC 27001 and ISO 9001, a PECB Trainer and a Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Jean-Luc Peters
Jean-Luc Peters brings 25 years of IT technology, information and cybersecurity expertise to boards, executives, and employees. From a young age he has held management positions in the private and government sectors. He is currently the Head of the Cyber Emergency Response Team for the National Cybersecurity Authority in Belgium. In addition to this, he is also a trainer, coach and trusted advisor focusing on enhancing cyber resilience.
Jean-Luc has helped in the technical implementation of the NIS 1 (Network and Information Security) Directive transposition in Belgium, defining the Baseline Security Guidelines governmental ISMS framework and many other projects. He holds several certifications, including ISO/IEC 27001 Lead Implementer, ISO/IEC 27005 Auditor, CISSP, GISP, Prince 2 Practitioner, ITIL etc.
Date: May 31, 2023
Tags: ISO, ISO/IEC 27001, Information Security, Cybersecurity
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
YouTube video: https://youtu.be/rsjwwF5zlK8
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an... (PECB)
Integrating ISO/IEC 27001 and ISO 31000 can help organizations align their information security and risk management efforts with their overall business objectives, leading to more effective risk management and better decision-making.
Amongst others, the webinar covers:
• Aligning the ISMS process with ISO/IEC 27001
• Using ISO 31000 within the ISMS
• Aligning the RM process with ISO 31000
• How/where does ISO/IEC 27001 fit?
Presenters:
Nick Riemsdijk
As a highly experienced and multi-skilled leader in Information and Physical Security, Nick is known as a collaborative, focused, driven and highly analytical individual with a broad portfolio of successes in client engagements. His expertise spans devising, implementing, managing and delivering information security, physical security, organizational resilience and facilities management solutions for organizations. He is certified as a Certified Information Security Manager (CISM), Certified Protection Professional (CPP), in Project Management (Prince2), ISO 22301 (Business Continuity), ISO 27001 (Information Security), and ISO 31000 (Risk Management).
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs).
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her ‘alter ego’ includes being a lead singer in SophieG Music and contributing to the global charity Playing for Change, which provides music education to children in disadvantaged regions.
Date: March 23, 2023
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
YouTube video: https://youtu.be/Xj0U2mbpZUs
IT Governance and Information Security – How do they map? (PECB)
Effective IT Governance requires proper Information Security practices to ensure that the organization's data is secure. On the other hand, Information Security policies and procedures must be aligned with the organization's overall IT Governance framework to ensure that security measures do not negatively impact business operations.
Amongst others, the webinar covers:
▪ Bring Governance and InfoSec Together
▪ Answering WIIFM
▪ Business Terms
Presenters:
Dr. Edward Marchewka
Dr. Edward Marchewka is a seasoned executive who has come up through the ranks in the IT vertical, expanding into information security, quality management, and strategic planning.
Edward founded and serves as the Principal for 3LC Solutions, enabling YOU to Tell a Better Story in business, with our vCIO, vCISO, quality, and strategy consulting services, through metrics and relating risk to the business with our CHICAGO Metrics® SaaS solution.
He has also held several roles leading information technology, most recently with Gift of Hope Organ and Tissue Donor Network, leading the Information and Technology Services department as the Director of IT, Data, and Security Services. Prior to Gift of Hope, he ran information security for Chicago Public Schools.
Edward has earned a Doctorate of Business Administration from California Southern University and Masters’ degrees in Business Administration and Mathematics from Northern Illinois University. He earned Bachelors’ degrees in Liberal Studies and Nuclear Engineering Technologies from Thomas Edison State College, N.J. Edward maintains several active IT, security, and professional certifications from (ISC)2, ASQ, ITIL, PCI, PMI, ISACA, Microsoft, and CompTIA. He has held legacy IT certifications from Cisco and HP, and a designation from the National Security Agency.
Date: February 22, 2023
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-38500
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
YouTube video: https://youtu.be/2bSbAdL5Idg
Student Information Session University Digital Encode.pptx (PECB)
Join us as our Director for Business Mustafe Bislimi teams up with Dr. Obadare Peter Adewale of our academic partner Digital Encode Limited to provide valuable information about our programs, admissions process, and specialization and elective courses.
Discover the opportunities available to you as a student at PECB University and get a firsthand look at what makes us a top choice for education.
Whether you're a prospective student or simply curious about PECB University, don't miss this informative session! Subscribe to our channel and stay tuned for more videos.
For inquiries regarding admission process contact us: university.studentaffairs@pecb.com
-EMBA in Cybersecurity: https://pecb.university/programs/mba-programs/cybersecurity
-EMBA in Business Continuity Management: https://pecb.university/programs/mba-programs/business-continuity-management
-EMBA in Governance, Risk, and Compliance: https://pecb.university/programs/mba-programs/governance-risk-compliance
Being aware of the trends that are expected to shape the digital landscape is an important step in ensuring the security of your data and online assets.
Amongst others, the webinar covers:
• Top Cyber Trends for 2023
• Cyber Insurance
• Prioritization of Cyber Risk
Presenters:
Colleen Lennox
Colleen Lennox is the Founder of Cyber Job Central, a newly formed job board dedicated to cybersecurity job openings. Colleen has 25+ years in technical recruiting and loves to help others find their next great job!
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Date: January 25, 2023
Tags: ISO, ISO/IEC 27032, Cybersecurity Management
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
https://pecb.com/article/cybersecurity-risk-assessment
https://pecb.com/article/a-deeper-understanding-of-cybersecurity
YouTube video: https://youtu.be/BAAl_PI9uRc
ISO 28000:2022 – Reduce risks and improve the security management system (PECB)
Several organizations are experiencing increased volatility in their security environment.
A proper security management system can contribute to business resilience and to its credibility, hence, organizations should continually conduct security risk assessments in order to be able to better manage their security.
Amongst others, the webinar covers:
• What is ISO 28000:2022
• Why is it important and changes
• How it operates
• Benefits to implement this standard
Presenters:
Patrick Ben
As a cybersecurity analyst, Patrick is highly skilled in identifying and mitigating security threats to computer systems and networks. With a strong background in computer science and a passion for staying up-to-date on the latest security trends, he is able to analyze and evaluate security risks and develop effective strategies to protect against them. He has experience working with a variety of security tools and technologies, including firewall configurations, intrusion detection systems, and network security protocols. Patrick is also proficient in coding languages such as Python and Java, which allows him to analyze and understand complex security systems at a deeper level.
Overall, Patrick’s goal is to use his expertise and experience to help organizations and individuals protect their systems and data from security threats. He is excited to continue learning and growing in the field of cybersecurity and to make a positive impact in the world of information security.
Date: December 14, 2022
Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection
https://pecb.com/article/isoiec-27001---what-are-the-main-changes-in-2022
https://pecb.com/article/investing-in-information-security-awareness
Webinar: https://youtu.be/G2Ru7jiSRmE
A Strategic Approach: GenAI in Education (Peter Windle)
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Introduction to AI for Nonprofits with Tapp Network (TechSoup)
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Acetabularia Information For Class 9 .docx (vaibhavrinwa19)
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
Palestine last event orientationfvgnh .pptx (RaedMohamed3)
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
Operation “Blue Star” is the only event in the history of independent India where the state went to war with its own people. Even after about 40 years it is not clear whether it was the culmination of the state’s anger over the people of the region, a political game of power, or the start of a dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from the mainstream due to the denial of their just demands during a long democratic struggle since independence. As happens all over the world, it led to a militant struggle with great loss of life among military, police and civilian personnel. The killing of Indira Gandhi and the massacre of innocent Sikhs in Delhi and other Indian cities were also associated with this movement.
Model Attribute Check Company Auto Property (Celine George)
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
How to Make a Field invisible in Odoo 17 (Celine George)
It is possible to hide some fields in Odoo. This is commonly done with the “invisible” attribute in the field definition. This slide shows how to make a field invisible in Odoo 17.
The Roman Empire A Historical Colossus.pdf (kaushalkr1407)
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Embracing GenAI - A Strategic Imperative (Peter Windle)
How libraries can support authors with open access requirements for UKRI fund...
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
1. PECB Webinar 2nd December 2015
Speaker : Fabrice De Paepe
Senior Information Security Consultant / PECB Partner & Trainer
Introduction to ISO/IEC 27032
2. What’s the n°1 worldwide security threat?
Introduction to ISO 27032 2
3. Hacking Will Replace Terrorism
FBI Director Robert Mueller reiterated his testimony that cyber-threats would surpass terrorism as the country's top concern (2012).
4. Schedule for the day
• An overview of Cybersecurity
• Cybersecurity relationships with other types of security
• Guidance for addressing common cybersecurity issues
• Convincing stakeholders to collaborate on resolving cybersecurity issues
5. 1- An overview of Cybersecurity
What is Cyberspace?
“The cyberspace can be described as a virtual environment, which does not exist in any physical form, but rather, a complex environment or space resulting from the emergences of the Internet, plus the people, organizations, and activities on all sorts of technology devices and networks that are connected to it” (ISO 27032)
6. 1- An overview of Cybersecurity
What is Cybersecurity?
“Cyberspace security or Cybersecurity is about the security of this virtual world”
“Cybersecurity relates to actions that stakeholders should be taking to establish and maintain security in the Cyberspace” (ISO 27032)
7. 1- An overview of Cybersecurity
ISO 27032 provides guidance for improving the state of cybersecurity with a focus on:
• Attacks by malicious and potentially unwanted software
• Social Engineering attacks
• Information sharing and coordination
9. 2 – Cybersecurity relationships within other types of security
(Figure: ISO27001 – ISO27032)
10. 2 - Cybersecurity relationships within other types of security
11. 3 – Guidance for addressing Common Cybersecurity issues
Assets in the Cyberspace
Assets: Information, Software, Physical, Services, People, Reputation/image
12. 3 – Guidance for addressing Common Cybersecurity issues
Assets in the Cyberspace
Personal assets
• Physical: personal digital device, endpoint, smartphone
• Virtual: online credit information, Bitcoins
Organizational assets
• Physical: infrastructure
• Virtual: online brand
13. 3 – Guidance for addressing Common Cybersecurity issues
Threats to personal or organizational assets in the Cyberspace
Personal assets
• Physical: identity issues; leakage or theft of personal information
• Virtual: virtual theft and mugging
Organizational assets
• Disclosure of personal information from employees, clients, partners, suppliers
• Financial filing regulations breached
Government agencies
• Gray area in which terrorism thrives
14. 3 – Guidance for addressing Common Cybersecurity issues
• Social engineering attacks
• Hacking
• Malicious Software (malware)
• Spyware
• Unwanted software
15. 3 – Guidance for addressing Common Cybersecurity issues
• Application Level Controls
• Server Protection
• End user controls
• Social Engineering attacks
16. 3- Guidance for addressing Common Cybersecurity issues – Technical controls
Application Level Controls
• Display a short notice of the company’s essential online services
• Secure handling of sessions for Web Applications (Cookies, Session Fixation, ...)
• Secure input validation and handling to prevent attacks (SQL Injection)
• Secure Web page scripting to prevent XSS
• (See OWASP, ISO 27034, CWE, SANS)
• Code Security Review
• HTTPS – SSL
17. 3- Guidance for addressing Common Cybersecurity issues – Technical controls
Server Protection (against unauthorized access and malicious content on servers)
• Hardening
• Implement a system to test and deploy security patches
• Monitor the security performance
• Review the security configuration
• Run anti-malicious software controls (anti-virus, anti-malware)
• Scan all hosted and uploaded contents regularly
• Perform regular vulnerability assessments
• Regularly scan for compromises
18. 3- Guidance for addressing Common Cybersecurity issues – Technical controls
End-user controls
• Use a supported OS
• Use the latest supported software applications
• Use anti-virus and anti-spyware
• Enable script blockers
• Use phishing filters
• Use other available web browser security features
• Enable personal FW & HIDS
• Enable automated updates
19. 3- Guidance for addressing Common Cybersecurity issues – Technical controls
Social engineering attacks
• Policies
• Methods and processes
• Categorization and classification of information
• Awareness and training
• Testing
• People & Organization
• Technical
20. 3- Guidance for addressing Common Cybersecurity issues – Framework of information sharing and coordination
IPO – Information Providing Organisation
IRO – Information Receiving Organisation
21. 3- Guidance for addressing Common Cybersecurity issues – Framework of information sharing and coordination
Policies
• Policies should be defined to address the lifecycle of the Cybersecurity incident information from creation to transfer and destruction to ensure C.I.A are maintained
• Classification and categorization of information
• Information minimization
• Limited audience
• Coordination protocol
22. 3- Guidance for addressing Common Cybersecurity issues – Framework of information sharing and coordination
Methods and Processes
• Classification and categorization of information
• NDA
• Code of Practice
• Testing and drills
• Timing and scheduling of information sharing
23. 3- Guidance for addressing Common Cybersecurity issues – Framework of information sharing and coordination
People and organizations
• Contacts
• Alliances
• Awareness and training
24. 3- Guidance for addressing Common Cybersecurity issues – Framework of information sharing and coordination
Technical
• Data standardization for automated systems
• Data visualization
• Cryptographic key exchange and software/hardware backups
• Secure file sharing, instant messaging, web portal, and discussion forum
• Testing systems
25. 4 – Convincing stakeholders to collaborate on resolving security issues
Roles of consumers
• individuals
• organizations
Roles of providers
26. 4 – Convincing stakeholders to collaborate on resolving security issues
Roles of consumers (individuals)
• General Cyberspace Application user
• Online gamer, instant messaging, web surfer…
• Buyer (e-commerce)
• Seller (eBay)
• Blogger (blog, wiki, Twitter, YouTube, …)
• IAP (Independent Application Provider)
• You as an employee of an organization
• ...
When a user visits a site which requires authorization and unintentionally gains access, the user may be labelled as an intruder.
27. 4 – Convincing stakeholders to collaborate on resolving security issues
Roles of consumers (organizations)
Should extend their corporate responsibilities to Cyberspace, by proactively ensuring that their practices and actions do not introduce further security risks (into the cyberspace)
Some proactive measures:
• Implementing an ISMS
• Proper security monitoring and response
• Incorporating security as part of the SDLC (ISO 27034)
• Regular security education of users
• Understanding and using proper channels
28. 4 – Convincing stakeholders to collaborate on resolving security issues
Roles of consumers (organizations)
The government, law enforcement agencies and regulators may have the following roles to play:
• Advise organizations of their R&R in the Cyberspace
• Share info with other stakeholders: on the latest trends and developments in technology, and on the current prevalent risks
• Be a conduit for receiving any information with regard to security risks
• Be the primary coordinator for info dissemination and orchestration
Ex: National CERT (cert.be, cert.lu)
29. 4 – Convincing stakeholders to collaborate on resolving security issues
Roles of providers
Same roles and responsibilities as consumer organizations
They have additional responsibilities in maintaining cybersecurity by providing:
• Safe and secure products and services
• Safety and security guidance for end-users
• Security inputs to other providers and to consumers
30. 4 – Convincing stakeholders to collaborate on resolving security issues
Stakeholders
• Consumers: individuals; organizations (private, public)
• Providers: Internet Service Providers; Application Service Providers
Assets
• Personal: physical assets, virtual assets
• Organizational: physical assets, virtual assets
Measures
• Best Practices: preventive, detective, reactive
• Coordination & Information Sharing
31. 4 – Convincing stakeholders to collaborate on resolving security issues
Guidelines for Stakeholders
Risk assessment and treatment: ISO31000 and ISO27005 guidelines are sufficient for addressing Cybersecurity risks
Guidelines for Consumers
• Learn and understand the security and privacy policy of the site and application concerned as published by the site provider
• Manage online identity
• …
32. 4 – Convincing stakeholders to collaborate on resolving security issues
Guidelines for organizations and service providers
• Manage IS risks in the business: ISMS
• Provide secure products
• Network monitoring and response
• Support and escalation
• Keeping up-to-date with the latest developments
• Address security requirements for hosting Web and other cyber-application services
• Comply with practice standards, policy, terms of agreements, data protection, privacy, … protected against unauthorized access
• Provide security guidance to consumers: how to stay secure online (security newsletter, direct broadcast, security seminar, …)
33. Conclusion
• Cyber security is everyone’s business; impacts could be catastrophic
• Cybersecurity risks involve a combination of multiple strategies, taking into account the various stakeholders (consumer, employee, partner, third party, …)
• Risks need to be identified and addressed
• Need for awareness and communication on how to report and detect potential risks and security incidents
• Keep an eye on new emerging technologies (e.g. IoT)
35. Facts
“The average number of days that attackers were present on a victim’s network before they were discovered is 229.”
Mandiant M-Trends Report 2014
http://www.infosecurityeurope.com
According to the FBI’s Director (Robert Mueller – 2012)
Above all, this means it was already one of the FBI’s concerns three years ago.
Hacking can also be a weapon terrorists use to enrich themselves.
Remember the tweet claiming that Barack Obama had been injured: it was in fact a hijacked Twitter account.
The New York stock exchange’s trading systems reacted immediately, which disrupted the value of trades.
Whoever knows about this in advance can sell just before the drop and buy back at a low price afterwards.
First, a few basic things. What is cyberspace?
Well, we use it every day to exchange emails, we use the cloud to handle our bills and invoices, we speak with our partners through Skype, Viber, IMO or any other mobile app. We use a VPN to connect to our corporate network from abroad and we read it on our tablets from everywhere in the world. We follow distance learning courses (MOOCs) or e-learning, follow a WebEx or a webinar on ISO 27032 for instance, and it’s where finally I decide to purchase my Xmas gift (meaning online, doing some e-shopping sessions).
While there is no lack of cybersecurity threats, and as many, albeit not standardized, ways to counter them, the focus of this International Standard is on the following key issues:
- Attacks by malicious and potentially unwanted software,
- Social engineering attacks, and
- Information sharing and coordination
Security is concerned with the protection of assets from threats, where threats are categorised as the potential for abuse of protected assets.
All categories of threats should be considered, but in the domain of security greater attention is given to those threats that are related to malicious or other human activities.
Safeguarding assets of interests is the responsibility of stakeholders who place value on those assets.
Threat agents may also put value on your assets and seek to abuse them.
The risks rely on C.I.A (Confidentiality, Integrity, Availability of the information)
Stakeholders assess risks taking into account threats that apply to their assets. This analysis can help in the selection of controls to counter the risks and reduce them to an acceptable level.
Controls are imposed to reduce the vulnerabilities or impact to an acceptable level for the stakeholders.
Stakeholders can also ask external organizations to assess the controls (penetration testers, auditors, code reviewers, social engineers, …)
ISO 27001 vs ISO 27032
There are many standards in the ISO 27001 series, all related to security. You probably don’t know much about ISO 27032:2012 because it is not as well-known as ISO 27001, ISO 27002, or ISO 22301, but it is near you, because it has to do with a place that you habitually visit: cyberspace.
ISO 27032 has not been released as an auditable international standard
The proposed guidelines regarding Governance of Cybersecurity are a direct adaptation of the ISO 27001 (ISMS) – requirements with the suggestion of extending the scope of the existing ISMS to include the transfer and sharing of information via the Cyberspace.
Organisations implementing an ISMS in accordance with ISO 27001 will be aligned to the Governance guidelines of ISO 27032 once the scope of the ISMS is extended to include Cybersecurity.
The biggest and, for many, the most welcome adaptation of the ISO 27001 standard in ISO 27032 is the dependency on the Risk Assessment process organisations implement to comply with ISO27001.
As an organization in the Cyberspace you are still required to identify your critical assets, identify your threats and vulnerabilities and prioritise the risks to your critical assets, which will in turn give you a framework for Cybersecurity investment.
The word “security” is a complex term that involves various disciplines, and it is composed of various domains, like application security, network security … and cybersecurity. So, cybersecurity is not synonymous with information security, application security, network security, etc. The main objective of cybersecurity is to require stakeholders to play an active role in the maintenance of cyberspace (i.e., it requires actions that stakeholders should be taking to establish and maintain security in cyberspace) and in the improvement of its reliability and utility.
This figure summarizes the relationship between Cybersecurity and other security domains.
The relationship between these security domains and Cybersecurity is complex.
Cybersecurity is distinct from information security, network security and Internet security.
For example, some of the critical infrastructure services, such as water distribution and transportation, need not impact the state of Cybersecurity directly or significantly. However, the lack of Cybersecurity can have a negative impact on the availability of critical information infrastructure systems provided by the critical infrastructure providers.
On the other hand, the availability and reliability of the Cyberspace in many ways rely on the availability and reliability of related critical infrastructures and services (e.g. telecoms).
The security of the Cyberspace is also closely related to the security of Internet, enterprise/home networks and information security in general.
Each security domain identified in the picture may have its own scope, objective or focus.
A basic framework for information sharing and issue or incident coordination is necessary to bridge the gaps and provide adequate assurance to the stakeholders in the Cyberspace.
Well, I hope you clearly see that Cybersecurity is a subset of Information Security right now and the different possible relationships between them.
An asset is anything that has value to an individual or an organization.
There are many types of assets, including but not limited to:
- Information
- Software
- Physical (hardware, computer, server)
- Services
- People
- Reputation, image
For the purpose of this Standard, assets in the Cyberspace are classified into the following classes: personal and organizational.
For both classes, an asset can also be further classified as a physical asset (whose form exists in the real world) or a virtual asset (which only exists in the Cyberspace and cannot be seen or touched in the real world).
Threats to personal assets revolve mainly around identity issues, posed by leakage or theft of personal information.
Ex: credit information can be sold on the black market, which can facilitate online identity theft.
As rules and regulations for the protection of real physical assets, in connection with the Cyberspace, are still being written, those pertaining to virtual assets are almost non-existent. Extra care and caution must be undertaken by participants.
In the event of a successful attack, personal information from employees, clients, partners or suppliers could be disclosed and result in sanctions against the organizations.
Financial filing regulations could also be breached if organizational results are disclosed in an unauthorized manner.
Well, recent events around the world remind us that terrorism is still a threat and is present.
Government agencies also need to protect their data if they want to fight against these organizations.
Cyberspace is a gray area in which terrorism thrives, thanks to the ease of communication provided by the Cyberspace.
It’s really difficult to regulate and control the way that it can be used (borders, scope, boundaries,...)
Attack mechanisms
This standard highlights 5 types of attacks.
Attacks can come from inside the private network or from outside the private network (meaning from the Internet).
Inside: normally launched inside an organization’s private network, typically the local area network, and can be initiated by employees or by someone who gets access to a computer or network within an organization’s or individual’s premises.
Outside: DoS, XML Bomb, buffer overflow, IP spoofing, …
Many of the attacks are carried out using malicious software, such as spyware, worms and viruses.
Information is often gathered through phishing techniques.
These attacks can be propagated via suspicious websites, unverified downloads, spam emails, remote exploitation, and infected removable media.
Other mechanisms growing in use are those based on social networking (clickjacking: you click on a video on Facebook and nothing happens; indeed, there is no video, but rather a remote script, or a trojan is installed in stealth mode on your computer…).
Individuals tend to implicitly trust messages and content received from contacts previously accepted in their profiles on their social networking websites. Once an attacker can disguise him/herself as a legitimate contact, the attacker can engage others, and a new avenue is open for launching the various types of attacks previously discussed.
I’m pretty sure that if I send you an email as the CEO of a major company (from the inside), and you work for this company, you will click on the link I provided you.
Legitimate websites can also be hacked into and have some of their files corrupted and used as a means for perpetrating attacks. Individuals tend to implicitly trust commonly visited websites, often bookmarked in their Internet browsers for a long time, and even more those which use security mechanisms such as SSL (Secure Sockets Layer).
We will see later some precautions against this.
Once the risks are identified and appropriate guidelines are drafted, Cybersecurity controls that support the security requirements can be selected and implemented. This is an overview of the key Cybersecurity controls that can be implemented to support the guidelines laid out in this Standard
The technical controls include:
Application level controls – implement controls to protect against unauthorized data edits, carry out transaction logging, and error handling. Secure coding must be implemented to secure information collected by products in the Cyberspace.
Server Protection – controls must be implemented to ensure servers are securely accessible from the Cyberspace and protected against unauthorised access and malicious content.
End-user Controls – controls must be implemented to protect the end user infrastructure across organisations against known exploits and attacks.
Controls against social engineering attacks – organisations should train and educate users on the use of suitable technical controls to protect against known exploits and attacks.
As a general guide, technical controls defined in this section of ISO27032 should be implemented.
Application level controls include the following:
1. Display a short notice of the company’s essential online services so users are able to make more informed choices about sharing their information online.
Have a look also at local charters, e.g. e-commerce compliance charter, ethical charter … in your different countries.
2. Secure handling of sessions for Web Applications (Cookies, Cookie Flag); secure input validation and handling to prevent attacks such as SQL injection; secure Web page scripting to prevent common attacks such as XSS. See OWASP and ISO 27034, CWE, SANS.
3. Code security review and testing by appropriately skilled entities.
4. HTTPS – SSL: the organization’s service should be provided in a fashion that the consumer can authenticate the service.
Well, there is nothing new here and it looks really obvious to me.
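The three application-level controls in that list (session handling, input validation against SQL injection, page scripting against XSS) as an added example in Python. This is not code from the slides or from ISO 27032; the SQLite table and the SessionStore are constructed stand-ins for a real database and a real framework's session backend, and each control is shown as a weak form beside its hardened form.

```python
"""Added example: three application-level controls from the slide, each shown
as a weak form beside a hardened form. Not code from the PECB slides or from
ISO 27032; the SQLite table and the SessionStore are constructed stand-ins for
a real database and a real framework's session backend."""
import html
import secrets
import sqlite3


def make_db():
    """Constructed sample data: a two-row user table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db


# Control: input validation and handling (SQL injection).
def lookup_role_unsafe(db, name):
    """Weak: untrusted input is spliced into the query text, so quote
    characters in the input change the meaning of the statement."""
    query = f"SELECT role FROM users WHERE name = '{name}'"
    return [row[0] for row in db.execute(query).fetchall()]


def lookup_role_safe(db, name):
    """Hardened: the input is bound as a parameter and is only ever data."""
    query = "SELECT role FROM users WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,)).fetchall()]


# Control: web page scripting (XSS).
def render_comment_unsafe(text):
    """Weak: user-supplied text is placed into the HTML verbatim."""
    return f"<p>{text}</p>"


def render_comment_safe(text):
    """Hardened: markup characters are encoded so the browser displays them
    as text instead of interpreting them."""
    return f"<p>{html.escape(text)}</p>"


# Control: session handling (session fixation, cookie flags).
class SessionStore:
    """Constructed in-memory session store: session id -> attributes."""

    def __init__(self):
        self._sessions = {}

    def new_anonymous(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login_fixation_prone(self, sid, user):
        """Weak: the pre-authentication id is kept, so an id that existed
        before login now names an authenticated session."""
        self._sessions[sid]["user"] = user
        return sid

    def login_hardened(self, sid, user):
        """Hardened: discard the pre-login id and issue a fresh one at the
        moment the user authenticates."""
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")


def session_cookie(sid):
    """Set-Cookie value with the attributes the 'cookie flag' item refers to:
    sent over HTTPS only, unreadable by page scripts, and not attached to
    cross-site requests."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"


if __name__ == "__main__":
    db = make_db()
    quoted = "x' OR '1'='1"            # constructed input containing a quote
    print("unsafe lookup:", lookup_role_unsafe(db, quoted))   # every role
    print("safe lookup  :", lookup_role_safe(db, quoted))     # no match
    print(render_comment_safe("<script>alert(1)</script>"))
    store = SessionStore()
    before = store.new_anonymous()
    after = store.login_hardened(before, "alice")
    print("id changed at login:", before != after)
    print(session_cookie(after))
```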
Server Protection
1. Hardening, in accordance with a baseline security configuration guide.
2. Implement a system to test and deploy security updates, and ensure the server OS and applications are kept up-to-date promptly when new security updates are available.
3. Monitor the security performance of the server through regular reviews of audit trails.
4. Review the security configuration.
5. Run anti-malicious software controls (anti-virus, anti-malware) on the server.
6. Scan all hosted and uploaded contents regularly.
7. Perform regular vulnerability assessments and security testing for the online sites and applications to ensure that their security is adequately maintained.
8. Regularly scan for compromises.
And I’d say it’s not only there that we need to focus on trade-offs but everywhere in business; it’s also part of negotiation and risk analysis.
Cybercriminals are increasingly resorting to psychological or social engineering tactics in order to succeed.
As we are e-connected (mobile, tablet, social networks), such attacks are also transcending technology beyond PC systems and traditional network connectivity (including Bluetooth, VoIP).
Raise awareness of this, to communicate and follow the rules described in a security policy towards end users.
The ISO 27032 standard introduces the concepts of IPO and IRO, which ISO advises should feature heavily in the framework developed for information sharing and incident handling:
IPO – Information Providing Organisation (the sender of the Cybersecurity related information)
IRO – Information Receiving Organisation (the recipient of the Cybersecurity information)
An IPO can become an IRO and vice versa (much like client/server).
This section of the standard provides guidelines for the implementation of a secure, reliable, effective and efficient information sharing and cyber incident response framework. The framework includes the following areas.
This standard defines a framework of information sharing and coordination.
Why? Well, when you have a security incident across different organizations, countries, geo-localisations and different stakeholders, you need to establish a system for information sharing and coordination to help prepare for and respond to Cybersecurity events and incidents.
This is a basic framework; for me you can also rely on ISO 27035 (Information Security Incident Management),
or if you already have an ISO 22301 (for BCP) you could also rely on the crisis management – then you define your proper “framework to communicate” based on the existing processes at your company.
Policies
Classification and categorization of information
IPOs should determine the different categories of information they collect: security events, security threats, security vulnerabilities, suspected/confirmed perpetrator profiles and so forth.
Each category should be further broken down into two or more classifications based on the contents of the information involved (e.g. sensitive and unrestricted); if information contains personal data, privacy may also be applied.
Then you can also have a look at ISO 29100, which defines a framework to implement privacy.
Information minimization
For each category and classification, IPOs should exercise caution to minimize the information to be distributed.
Limited audience
In line with the minimization principle, a policy to limit the audience for distribution, which may be a specific contact person, group, or organization, is necessary when sharing information containing private or confidential data.
Coordination protocol
A high-level policy for coordinating the request and distribution (whether IPO- or IRO-initiated) should be established.
To implement the policies defined in the framework and ensure consistency in practices of information sharing and incident handling, appropriate methods and processes should be in place which all parties involved in the information sharing practices follow.
Methods and processes
Classification and categorization of information
Information to be shared will come from both open (e.g. Internet, newspapers) and closed sources (not publicly available).
NDA (Non Disclosure Agreement)
Bear in mind we are in a context of information sharing. That said, we need it to ensure the adequate handling and protection of sensitive, personal and confidential information shared among IPO and IRO.
While responding to Cybersecurity events, the pre-establishment of an NDA enables swift sharing and distribution of information amongst authorized parties.
Code of practice
Establishing this is a good practice to ensure adequate sharing and handling of sensitive information.
Testing and Drills
To ensure effectiveness and reliability and to achieve the desired level of efficiency, methods and processes should be developed for conducting regular testing and drill scenarios.
Timing and scheduling of information sharing
Also define the requirements for the interval at which information is shared.
Some organizations will need real-time information; others will accept some delay, as it also provides them time for further analysis.
People & organizations are the key determinants of the success of cybersecurity.
People refers to individuals involved in executing the methods and processes for information sharing and coordination to make a positive difference to the outcomes of Cybersecurity events.
Organizations refers to groups of people within a company, up to the entire company, involved in such activities.
Contacts
A list of contacts should be compiled by the IPO and IRO and mutually exchanged.
(It’s the same in business continuity with ISO 22301, and if you need to operate a BCMS it’s the same in crisis management and incident management; looks obvious, doesn’t it?)
Alliances
To facilitate information sharing and establish common and consistent practices governed by an agreed code of practice and/or NDA, organizations and groups of individuals may form alliances based on their areas of interest.
(e.g. Interpol, anti-spyware coalition, saferinternet.be)
Awareness and training
People in organizations should be made aware of emerging and new Cybersecurity risks and trained so that they develop the required skills and expertise to respond effectively to any situation related to cybersecurity.
These controls may be used to improve efficiency, reduce human error, and enhance security in the information sharing and coordination processes.
Data standardization for automated systems
These systems may be developed and deployed amongst coordination organizations to collect data on evolving Cybersecurity events for real-time and offline analysis and assessments.
Data visualization
A way of representing data so that it can be understood without the help of technicians.
Secure file sharing, instant messaging, web portal, and discussion forum
IPO and IRO should consider using suitable file sharing tools that can meet the security effectiveness, efficiency and reliability needs.
Testing Systems
Of course, you need to test your tools, methods, processes and scenarios (it should be considered).
You can simulate with the perception of each organization.
Introduction
To improve the state of Cybersecurity, stakeholders in the cyberspace need to play an active role in their respective use and development of the Internet.
Roles can overlap with individual and organizational networks (intranets, extranets, websites, networks exposed to the Internet, …).
Pitfall: because of this overlap, roles can be seen as insignificant by the concerned stakeholders, but they are significant to enhancing Cybersecurity.
Roles of stakeholders in Cybersecurity
Roles of consumers
Individuals
They may assume different roles in different contexts and applications. These may include:
- General cyberspace application user, general user, online auction and marketplace sites for interested buyers, and vice versa
- Buyer/seller
- Blogger and other content contributor (Twitter, Wikipedia, YouTube, …)
- Member of an organization, ...
Ex: an individual acting as buyer or seller can unknowingly participate in criminal transactions of selling stolen goods or money laundering activities.
And you can switch from task to task during the day, so from role to role also ....
Roles of stakeholders in Cybersecurity
Roles of Organizations
The organizations should extend their corporate responsibilities to the Cyberspace.
How? By proactively ensuring that their practices and actions do not introduce further security risks (into the Cyberspace).
Some proactive measures include:
- Implementing ISMS
- proper security monitoring and response;
- incorporating security as part of the Software Development Life-cycle (SDLC),
- regular security education of users in the organization through continuous technology updates and keeping
track of latest technology developments;
- understanding and using proper channels in communicating with vendors and service providers on security
issues discovered during usage.
Roles of stakeholders in Cybersecurity
The government, primarily law enforcement agencies and regulators, may have the following important roles to play:
— advise organizations of their roles and responsibilities in the Cyberspace;
— share information with other stakeholders on the latest trends and developments in technology;
— share information with other stakeholders on the current prevalent security risks;
— be a conduit for receiving any information, whether close or open, with regard to security risks to the
Cyberspace; and
— be the primary coordinator for information dissemination and orchestrating any required resources, both
at national-level or corporate level, in times of crisis arising from a massive cyber-attack.
Service providers are also consumer organizations. They are thus expected to observe the same roles and responsibilities as consumer organizations.
As service providers they have additional responsibilities in maintaining or even enhancing cybersecurity:
- Providing safe and secure products and services
- Providing safety and security guidance for end-users
- Providing security inputs to other providers and to consumers about trends and observations of traffic in their network and services
This picture provided an overview of the salient points in the approach taken in this standard.
Consumers refer to individual users as well as private and public organizations
Private organizations include small and medium enterprises (SMEs), as well as large enterprises.
Government and other public agencies are collectively referred to as public organizations.
An individual or an organization becomes a consumer when they access the Cyberspace or any services available in the Cyberspace.
And you see, a consumer can also be a provider if it provides a service in the Cyberspace (e.g. an ISP) or enables another consumer to access the Cyberspace.
A consumer of a virtual world service may become a provider by making virtual products and services available to other consumers.
Providers refer to providers of services in the Cyberspace, as well as ISPs that enable consumers to access the Cyberspace and the various services available in it.
Providers might also be understood as carriers or wholesalers, versus distributors and retailers of access services.
Application service providers make services available to consumers through their software. These services
take many forms and include combinations of the following non-exhaustive list:
— document editing, storage, distribution;
— online virtual environments for entertainment, communications and interaction with other users;
— online digital media repositories with aggregation, indexing, search, store-front, catalogue, shopping cart
and payment services; and
— enterprise resource management functions such as human resource, finance and payroll, supply chain
management, customer relationship, invoicing.
Guidelines for Stakeholders
ISO 31000, Risk management – Principles and guidelines, provides principles and generic guidelines on risk management.
ISO/IEC 27005, Information technology – Security techniques – Information security risk management, provides guidelines and processes for information security risk management in an organization, supporting in particular the requirements of an ISMS according to ISO/IEC 27001.
Guidelines for consumers (non-exhaustive list)
My dears, this means that when you want to install a new mobile app, a new patch (Adobe) or a new OS version (Mac), you will need to read a dozen policy pages before saying "Yes, I've read it".
Manage online identity:
use different identifiers for different web applications, and minimize the sharing of personal information with each website or application requesting such information.
- Manage information security risks in the business
- Address security requirements for hosting websites and other cyber-application services
- Provide security guidance to consumers
ISMS
Provide secure products
Could be independently validated against a Common Criteria scheme
(Personally I would validate it against the SDLC and ISO 27034, OWASP and so forth)
Network monitoring and response
to ensure reliability and quality of the network services
Support and escalation
Prevention
Understand the business processes, assets and evolving technology
Professionals need to know their environment (internal and external factors): business plan, processes, regulation
Risk analysis (prioritize)
Communicate with stakeholders and agree on findings and recommendations
Incident Response
Detection
CERT / CSIRT: a specialized security incident team
Fast incident response
Incident response and management
Responsible vulnerability disclosure
Recovery
Forensics
Cybersecurity attacks are increasing.
People are always the most vulnerable (social engineering, awareness, policies, cybersecurity culture, ...)
It takes time to discover intruders (and what if you don't have a detection team, monitoring, or a response team?)
PECB will launch a brand new training in #Nice (France) in January.
With the consent of PECB we started a campaign with the training's mascot, called BlueOwl.
The beast tweets about Cybersecurity, meets security professionals across Europe, and also joins Cybersecurity events.
Feel free to #FollowBlueOwl on Twitter.
The campaign started 2 weeks ago, and we still have some surprises for you until January.