
Information Security

Overview

I have been involved with information security since the mid-90s when I was working in data communications. Rosser Communications became a Cisco partner working with routers and Wi-Fi as well as selling and implementing firewalls from WatchGuard, SonicWall and Fortinet. More recently, I ran the project for ABM Systems (subsequently Decision Inc. Australia) to achieve ISO 27001 conformance. And on my recent break, I've been getting up to speed with cyber security.

Network Security

With over a decade working in computer networking, I have a solid understanding of how to configure firewalls, VPNs, Wi-Fi, routers and switches etc.

Modern cloud-based systems and remote workers have fundamentally changed the need for traditional office-based network security. Your attack surface now includes external systems, home Wi-Fi, mobile devices and smart devices that can be targets for hackers, leak information or contribute to compromising your data. Many organisations don't even have a server and their staff work from home or in co-working spaces. Your endpoints are still vulnerable, and the weakest link is usually your staff.

ISO/IEC 27001

This standard is about the "CIA" - the Confidentiality, Integrity and Availability - of information. It covers your data, client data and supplier data and extends to backups and reliability, documentation, improvement and change control, all of which should be part of your ISMS (Information Security Management System).

I'd like to give a big shout-out to Michael McLean, aka "Shrek", who helped to write the ISO/IEC 27001 standard and helped me get to grips with its clauses and controls. Mostly I appreciated his common-sense way of integrating security into all the procedures and processes under a risk-based framework.

If you need some help to implement better security in your business, contact me. Whether you need to get the Essential Eight in place, improve staff awareness or assess and prioritise your risks, I can help and recommend others with the necessary skills.

Fun stuff

I've been reading widely about hackers and their exploits, red team tools and blue team defences, black hats and white hats. If you want to open your eyes to what is possible, I recommend the podcast, Darknet Diaries.

My key takeaway is that the weakest link is the humans who will always be susceptible to social engineering techniques. It's human nature not to be rude or unreasonable. Keep in mind the Russian proverb "Doveryai, no proveryai", made famous by Ronald Reagan as "Trust, but verify".

Contact

Tim Rosser on LinkedIn