Rhand Leal

About Rhand Leal

This author has not yet filled in any details.
So far Rhand Leal has created 58 blog entries.

How to protect against external and environmental threats according to ISO 27001 A.11.1.4

Physical security plays a critical role in information protection, because even the best designed, implemented, and maintained technical and administrative controls, whether IT related or from some other area, are of little help if an event physically affects the environment or the assets on which those controls work. For example, ...

The post How to protect against external and environmental threats according to ISO 27001 A.11.1.4 appeared first on 27001Academy.

January 25th, 2016 | Accidents, Blog, BSI, CPTED, Environmental protection, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Man-made attacks, Natural disaster, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit

How to set security requirements and test systems according to ISO 27001

Security is something that everyone wants to have, but which no one ever wants to use. And this thought can bring a lot of problems. Unless a system’s purpose is security related (e.g., firewall, access system, etc.), users pay little attention to how security is embedded in a product, and ...

The post How to set security requirements and test systems according to ISO 27001 appeared first on 27001Academy.

January 11th, 2016 | Blog, BSI, Data Protection, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO 27002, ISO27001, Emergency management, Penetration test, Penetration tests, requirement definition, Risk management, test procedures, Company, Events, Certification & Audit

Secure equipment and media disposal according to ISO 27001

Think about the following scenarios: Printed documents (e.g., budget drafts, or client’s refused proposals) are no longer needed and used as scratch paper, or accumulated in waiting areas for removal. Defective equipment (e.g., CEO’s tablet, or project team’s notebooks) being discarded by maintenance staff, put directly in the trash, or sold as ...

The post Secure equipment and media disposal according to ISO 27001 appeared first on 27001Academy.

December 7th, 2015 | Blog, BSI, equipment disposal, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO 27002, ISO27001, media disposal, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit

Using ITIL to implement ISO 27001 incident management

Incident management is one of the key processes to ensure the effectiveness of any business operation. With more or less sophistication and maturity, practically any organization has practices in place to deal with undesired events, and some of these were so commonplace that they became industry good practices and the ...

The post Using ITIL to implement ISO 27001 incident management appeared first on 27001Academy.

November 10th, 2015 | Blog, BSI, Incident management, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, ITIL, Emergency management, Penetration test, Penetration tests, Risk management, Company, Events, Certification & Audit

Requirements to implement network segregation according to ISO 27001 control A.13.1.3

Think about a house, or office, with only one big space where you can arrange all your loved and precious things the way you think most appropriate. Tempting, isn’t it? The flexibility to use the space and ease of seeing everything right away seems like a big deal. Now, imagine ...

The post Requirements to implement network segregation according to ISO 27001 control A.13.1.3 appeared first on 27001Academy.

November 2nd, 2015 | access control, Blog, BSI, firewall, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO 27002, ISO27001, network segregation, Emergency management, Penetration test, Penetration tests, perimeter, Risk management, router, segmentation, Company, Events, Certification & Audit

ISO 27001 project management: Implementing complex security controls using Work Breakdown Structure (WBS)

What do diverse situations like the Battle of Trafalgar (1805), the Cooley–Tukey FFT algorithm (1965), and the multi-sided market competition have in common? They are all examples of big or complex problems divided into smaller and more manageable pieces to reach a winning solution. This is a strategy called “Divide ...

The post ISO 27001 project management: Implementing complex security controls using Work Breakdown Structure (WBS) appeared first on 27001Academy.

October 19th, 2015 | Blog, BSI, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Emergency management, Penetration test, Penetration tests, project management, Risk management, Security controls, Company, Events, WBS, Work Breakdown Structure, Certification & Audit

How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1

You have certainly already heard, or lived, this scenario: it is a normal day and the systems are working fine, when suddenly they slow down for no apparent reason or simply stop. User support starts to receive dozens of calls, and the IT staff works hard for hours to put ...

The post How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 appeared first on 27001Academy.

October 12th, 2015 | Blog, BSI, ISMS, ISMS (BSI, ISO 27001), ISO 27001, ISO27001, Emergency management, Penetration test, Penetration tests, Risk management, threat, Company, Events, vulnerability management, weakness, Certification & Audit

How to implement integrated management systems

Recently, we saw the release of new versions of two of the best-known ISO standards: ISO 9001 (requirements for Quality Management Systems) and ISO 14001 (requirements for Environmental Management Systems). Like ISO 22301 and ISO 27001:2013, these standards follow a similar structure, based on Annex SL, Appendix 2 of ISO/IEC Directives (for more ...

The post How to implement integrated management systems appeared first on 27001Academy.

October 5th, 2015 | General
