Rhand Leal

About Rhand Leal

So far Rhand Leal has created 58 blog entries.

Segregation of duties in your ISMS according to ISO 27001 A.6.1.2

Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and processes (e.g., stock exchange operators and air traffic controllers). While this is good for improving productivity, a potential side effect is that these few people may end up gathering excessive ...

The post Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 appeared first on 27001Academy.

November 21st, 2016 | BSI, ISMS, ISMS (BSI, ISO 27001), ISO27001, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit

Data Privacy Protection, ISO 27001 and CISPE Code of Conduct

With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data of European citizens are rushing to adapt their operations to new requirements to avoid problems with customers and authorities. With respect to cloud infrastructure services, a particular effort may come ...

The post Data Privacy Protection, ISO 27001 and CISPE Code of Conduct appeared first on 27001Academy.

October 31st, 2016 | Blog, BSI, CISPE, cloud services, Data privacy, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO 27017, ISO 27018, ISO27001, ISO 27002, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit

How to integrate COSO, COBIT, and ISO 27001 frameworks

Recently, the ISO (International Standardization Organization) updated ISO 9001, ISO 14001, and ISO 27001 to make it easier to use them together. But how do they interact with practices outside the ISO world? How to integrate COSO, COBIT, and ISO 27001 frameworks. This article will present how ISO 27001 can be ...

The post How to integrate COSO, COBIT, and ISO 27001 frameworks appeared first on 27001Academy.

October 10th, 2016 | Blog, BSI, COBIT, COSO, integration, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit

Network segregation in cloud environments according to ISO 27017

In a previous article, I wrote about network segregation considering a physical network structure (see: Requirements to implement network segregation according to ISO 27001 control A.13.1.3), and while the concepts presented there are still valid when you consider network segregation in cloud computing environments, some new considerations must be made. ...

The post Network segregation in cloud environments according to ISO 27017 appeared first on 27001Academy.

September 26th, 2016 | Blog, BSI, cloud environment, cloud services, ISMS, ISMS (BSI, ISO 27001), ISO 27017, ISO27001, network segregation, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit

How to use ISO 27017 to manage legal risks related to geographical location

Cloud services are often sold as solutions that can be anywhere and everywhere. All that is necessary is a computer and a network connection to work with data, applications, and resources. While from the user’s point of view this is true, cloud services ultimately rely on physical infrastructure, which has to ...

The post How to use ISO 27017 to manage legal risks related to geographical location appeared first on 27001Academy.

September 19th, 2016 | Blog, BSI, cloud security, Geographical location, ISMS, ISMS (BSI, ISO 27001), ISO 27017, ISO27001, Legal Issues, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit

Resolving cloud security concerns by defining clear responsibilities according to ISO 27017

Cloud solutions are attractive answers for those who look for cost savings and quick demand response infrastructure, and Internet searches can show you how these kinds of solutions are rapidly growing and being adopted by organizations of all sizes, especially by small and medium-sized organizations. However, their very nature requires ...

The post Resolving cloud security concerns by defining clear responsibilities according to ISO 27017 appeared first on 27001Academy.

August 23rd, 2016 | Blog, BSI, Cloud, IaaS, Information security, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO 27017, ISO27001, Emergency management, PaaS, Penetration test, Penetration tests, Privacy, Risk management, SaaS, Company, Events, Certification & Audit

Using Intrusion Detection Systems and Honeypots to comply with ISO 27001 A.13.1.1 network controls

Networks are what make collaborative work possible. Without them, remote or global business wouldn’t exist. This critical role attracts attention and makes networks a preferred target for wrongdoers, placing them among the security personnel’s top priorities. In previous articles about ISO 27001 network controls, we talked about firewalls and network segregation (see ...

The post Using Intrusion Detection Systems and Honeypots to comply with ISO 27001 A.13.1.1 network controls appeared first on 27001Academy.

July 4th, 2016 | Blog, BSI, Honeynet, Honeypot, Intrusion Detection System, ISMS, ISMS (BSI, ISO 27001), ISO27001, network security, NIDS, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit

How to manage network security according to ISO 27001 A.13.1

As more and more people and organizations become interconnected, more and more information is exchanged, from that considered trivial and disposable to that most sensitive and necessary for people’s lives and business survival. That’s why today’s network infrastructure is so important, and so attractive to wrongdoers. So, to ensure the ...

The post How to manage network security according to ISO 27001 A.13.1 appeared first on 27001Academy.

June 27th, 2016 | Blog, BSI, ISMS, ISMS (BSI, ISO 27001), ISMS controls, ISO 27001, ISO27001, network security, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit

How to use NIST SP 800-53 for the implementation of ISO 27001 controls

In my previous article, How to use the NIST SP800 series of standards for ISO 27001 implementation, I described the NIST SP800 series (documents describing computer security practices, published by the National Institute of Standards and Technology – NIST) and some specific documents that can be ...

The post How to use NIST SP 800-53 for the implementation of ISO 27001 controls appeared first on 27001Academy.

May 10th, 2016 | baseline, Blog, BSI, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, NIST SP 800-53, Emergency management, Penetration test, Penetration tests, Risk management, Security controls, Company, Events, Certification & Audit