ISO 27001 heavily uses risk assessments as part of the process of maintaining an Information Security Management System (ISMS). As part of the process, realistic threats to the company are listed, controls implemented, and effectiveness monitored. Below are some ideas...
Rona Young, Head of Global Marketing & Communications
I recently joined Dionach, an independent information security consultancy, after spending most of my career managing crisis communications (reputation protection) and marketing operational risk management...
Dionach have been providing Cyber Security Incident Response (CSIR) services for a number of years. This includes forensic analysis, root cause determination, and post-intrusion investigation. Based on this experience, we have identified some key areas in which...
During several recent penetration tests, my team and I have identified serious security vulnerabilities in systems which are fully patched, and are using reasonably secure authentication mechanisms, supported by effective session management. In many of these cases,...