This kind of question keeps coming up; many people are unclear about the Statement of Applicability in ISO-27000.
The SoA should outline the measures to be taken in order to reduce risks such as those mentioned in Annex A of the standard. These are based on ‘Controls’.
But if you are using closed-source products such as those from Microsoft, are you giving up control? Things like validation checks and integrity controls are ‘internal’.
Well, it’s a bit of a word-play.
The SoA contains exclusions for controls that are not applicable because the organization doesn’t deal with these problems (e.g. ecommerce).
The SoA also contains exclusions for controls where a threat exists (and risks arise) but cannot be helped (e.g. A.12.2 Correct processing in applications) and no measures can be taken to reduce these risks.
In that case, a record must be present in the risk assessments stating that the risk (even if it is above the minimum accepted risk level) is accepted.
If you have a good information security awareness amongst
the employees then it should not be a problem what kind of attempts
are made by the social engineers and to glean information from
Yes but as RSA demonstrated, it is a moving target.
So, the two-way tv sets of Orwell’s novel have arrived, over a quarter of a century late!
It just goes to show. Science fiction things like the Star Trek communicator (Motorola flip phones) or the tricorder (some of the enhanced versions of the Newton) or the data Pad (the real world version has an extra ‘i’) we do pretty quickly, but if it’s a mainstream novel, the kind of thing that my old Eng Lit teacher would approve of (he snivelled at SF and cringed at its mention) then it seems there isn’t the same enthusiasm about replicating its technology.
An interesting list, since it covers issues of public structural security.
I recall reading that the greatest contribution to the health of individuals came about from good public sanitation and clean water, that is, civic changes (presumably enabled by legislation) that affected the public in a structural manner.
The Navy’s premier institution for developing senior strategic and
operational leaders started issuing students Apple iPad tablet
computers equipped with GoodReader software in August 2010,
unaware that the mobile app was developed and maintained by
a Russian company, Good.iWare, until Nextgov reported it in February.
OK so it’s not news and OK I’ve posted about this before, but …
Last week I was reading another report about malware and it stated that most malware yamma yamma yamma had its origins in the USA. No doubt you’ve seen reports to that effect with different slants.