We think that the new version of NIST’s Cyber Security Framework is a significant improvement. There’s one big change, but it is the lots of little changes that add up to a massive overall improvement. New Zealand organisations will still need to do some work to plug some of its idiosyncratic gaps, however.
Getting practical security information and guidance shouldn’t be so hard. Unfortunately, sometimes it can feel that way. Yes, there may be times when you will need to bring in specialists to assist your business to meet its security needs, but there are many aspects of security which you can choose to do, even on the leanest of budgets.
In my previous two articles in this series focused on developing an Information Security Management System (ISMS) based on ISO 27001:2013, I presented the common myths associated with the standard. In this article, I am going to provide an overview of the standard and section 4 Context of the organisation.
Okay, I know I promised to delve into and discuss the requirements defined in 4 Context of the organisation. However, I realised that they are other common myths that I should dispel for those of you that are interested in implementing an Information Security Management System (ISMS) that conforms with ISO/IEC 27001:2013 (ISO 27001).
When using devices and online services, always use modern, convenient and strong access controls. Fingerprint sensors are brilliant for controlling access to personal devices, a good password manager makes creating and remembering passwords a breeze, and adding multi-factor authentication is the best approach for protecting the accounts you really care about.