Rhand Leal

About Rhand Leal

This author has not yet filled in any details.
So far Rhand Leal has created 58 blog entries.

How to use NIST SP 800-53 for the implementation of ISO 27001 controls

In my previous article, How to use the NIST SP800 series of standards for ISO 27001 implementation, I described the NIST SP800 series (documents describing computer security practices, published by the National Institute of Standards and Technology – NIST) and some specific documents that can be ...

The post How to use NIST SP 800-53 for the implementation of ISO 27001 controls appeared first on 27001Academy.

By | May 10th, 2016 | baseline, Blog, BSI, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, NIST SP 800-53, Emergency management, Penetration test, Penetration tests, Risk management, Security controls, Companies, Events, Certification & Audit | Comments off on How to use NIST SP 800-53 for the implementation of ISO 27001 controls

How to use the NIST SP800 series of standards for ISO 27001 implementation

Although ISO 27001, an international standard for information security management, provides control objectives and controls that cover a wide range of security issues, they are not exhaustive. Thus, ISO 27001 clauses 6.1.3 b) and c) note that an organization can go beyond the standard’s controls to set proper security levels, by ...

The post How to use the NIST SP800 series of standards for ISO 27001 implementation appeared first on 27001Academy.

By | May 2nd, 2016 | Blog, BSI, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, NIST SP 800, Emergency management, Penetration test, Penetration tests, Risk management, Security controls, Companies, Events, Certification & Audit | Comments off on How to use the NIST SP800 series of standards for ISO 27001 implementation

ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification

One of the most significant changes in the 2013 version of ISO 27001, a worldwide standard for Information Security Management Systems, is that it no longer prescribes any particular approach to risk assessment. While it still requires the adoption of a process-based risk assessment approach (learn more here: ISO 27001 ...

The post ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification appeared first on 27001Academy.

By | April 4th, 2016 | assets-threats-vulnerabilities, Blog, BSI, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO 31010, ISO27001, Emergency management, Penetration test, Penetration tests, Risk management, Risk Assessment, risk identification, Companies, Events, Certification & Audit | Comments off on ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification

ISO 27001 Internal Auditor training – Is it good for my career?

With business processes under constant pressure from management, customers, and other interested parties to protect information exactly as requested (by means of technical specifications, legal requirements, or business objectives), and with the greater complexity and sophistication of operations, the use of audit expertise in information security is becoming a critical point ...

The post ISO 27001 Internal Auditor training – Is it good for my career? appeared first on 27001Academy.

Clear desk and clear screen policy – What does ISO 27001 require?

Imagine this scene: an employee at his desk, in an open-plan office, is reviewing some data on his notebook to prepare a report about the last quarter's financial results, or the pre-selling performance evaluation of the organization's newest product. He receives a telephone call from his boss about a quick ...

The post Clear desk and clear screen policy – What does ISO 27001 require? appeared first on 27001Academy.

ISO 27001 vs. ITIL: Similarities and differences

IT services are one of the main pathways for information to flow through organizations, their clients, and their partners. As legal and contractual requirements increasingly include information protection demands (the healthcare industry is an example), these services and their management practices must evolve to adapt to this new scenario. ...

The post ISO 27001 vs. ITIL: Similarities and differences appeared first on 27001Academy.

By | March 7th, 2016 | best practice, Blog, BSI, framework, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, ITIL, Emergency management, Penetration test, Penetration tests, Risk management, standard, Companies, Events, Certification & Audit | Comments off on ISO 27001 vs. ITIL: Similarities and differences

What to look for when hiring a security professional

Besides proper procedures and technologies, counting on good professionals can make all the difference during implementation and operation of any process or project. The “Apollo 13” movie shows what skilled men can do when procedures and technology fail (remember the “mailbox” device). On the other hand, what are the chances ...

The post What to look for when hiring a security professional appeared first on 27001Academy.

By | February 15th, 2016 | Blog, BSI, competency, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, knowledge, Emergency management, Penetration test, Penetration tests, Risk management, skills, Companies, Events, Certification & Audit | Comments off on What to look for when hiring a security professional

Key performance indicators for an ISO 27001 ISMS

Think about a medical exam. Our objective is for the physician to tell us that our health is ok and that we’ll live a long life, right? And how does the physician evaluate our health to determine if we are on track or not? By using several biological indicators, like ...

The post Key performance indicators for an ISO 27001 ISMS appeared first on 27001Academy.
