Resilience

Business Continuity Management in ISO 27002:2022

7 March, 2022 | News, Norms & Standards

In February 2022, ISO 27002 "Information security, cybersecurity and privacy protection - Information security controls" was updated; the 2022 version replaces its predecessor from 2013. ISO 27002 is the guidance for implementing the requirements from ISO 27001 and consequently is not itself a certification standard. Certification continues to be based on the ISO 27001 standard. The title of the standard has been changed (formerly: "Information technology - Security techniques - Code of practice for information security controls"). The structure of the controls has also been changed, for example by assigning attributes to the individual controls; in addition, controls have been merged, descriptions updated and controls deleted. These changes will be included in the ISO 27001 update and will be mandatory for future ISO 27001 certifications. The following controls were added: Threat intelligence; Information security for use of cloud services; ICT readiness for business continuity; Physical security monitoring [...]

Embedding resilience into your cloud-based modernization strategy

24 August, 2021 | Interest

As part of transformation and modernization strategies, enterprises are increasingly adopting cloud-first strategies. This provides an ideal opportunity to embed resilience. Consider three core components of modernization: people, applications and IT. "We don't know of any vendor or service provider today whose business model and revenue growth is not impacted by the increasing adoption of cloud-first strategies." Those were the words of Gartner analyst Sid Nag, commenting on the company's recent finding that the public cloud services market grew an astounding 17.5 percent in 2019 to a total of $214.3 billion. While the cloud is transforming businesses of all types, a key aspect of its appeal to traditional enterprises in particular is the role it plays in modernizing existing IT structures. In particular, migrating existing IT to an Infrastructure-as-a-Service (IaaS) model can be a blessing to comprehensive modernization strategies, with pay-as-you-use pricing structures helping to streamline and scale [...]

How COVID-19 is changing the future of cyber resilience through remote working

23 August, 2021 | Interest

One of the clear impacts of the COVID-19 pandemic is that it has forced many organizations to resort to remote work, and this could have an irreversible impact on future work practices and on cyber resilience. The COVID-19 crisis will undoubtedly have a lasting impact on the way most organizations operate, as work life and operational structures are forced to change dramatically. One of the most obvious changes brought about by the COVID-19 pandemic is the increase in remote work. This development, brought about by the need to reduce physical contact and the spread of infection between people, is likely to remain a feature of modern life even after the worst of the pandemic is over. A key reason for this changing dynamic is that COVID-19 has shown many companies the benefits of virtual online communications. In particular, many companies have seen how effective remote work can be, [...]

Business continuity management as the key to cyber security

19 August, 2021 | Interest

Resilience to cyberattacks requires much more than protective, defensive security tools and training. Resilience is also about the ability to recover quickly. Therefore, it must always include business continuity management activities. It's time to redefine the role of chief information security officers (CISOs) and budget accordingly. Although prevention is key to limiting cyberattacks, the question is whether it alone is enough. Cyberattacks are constantly increasing in number and severity. A chief information security officer is responsible for prevention, but we believe a CISO should also feel responsible for business continuity and crisis communication: The ability to respond so the business can return to business as usual as quickly as possible is a much more realistic goal than preventing attacks entirely. The goal: Detect, respond, recover and improve. But how can an organization respond to an attack while still planning for its future? By not separating preventive measures and [...]
