Managing Risk with ISO 31000

The first International Risk Management Standard ISO 31000:2009, together with ISO Guide 73:2009, was released by the International Organisation for Standardisation (ISO) on 15 November 2009.

 

And since IT Security is an integral part of Risk Management, it is useful for anybody interested in IT Security to know the basics of this new Risk Management ISO Standard.

 

Continue reading “Managing Risk with ISO 31000”

Smart Phones – Convenience or Threat?

The use of smart phones to access sensitive corporate information away from the office is creating huge security gaps for enterprises. Smart phones are being used to access company mails and applications. Atleast one major breach involving theft of application code has been attributed to malware from smart phones. So how do we benefit from the technology while addressing the risks Continue reading “Smart Phones – Convenience or Threat?”

Log Management and Intelligence-LMI

Introduction

LMI is a governance enabler. Log data is no longer just the domain of technical personnel (traditionally used for trouble shooting). Log data is no longer just an IT asset and it is a corporate and business asset. It is used extensively by both management and external parties (auditor, forensic investigators) and hence has gained executive level visibility. In this post we look at the new approach to log management.

Continue reading “Log Management and Intelligence-LMI”