Friday, February 25, 2022


Cyberwar is Kinetic War - A warning from a contributor to CNN Reliable Sources - Relevant to any individual or enterprise:

"This is an evergreen but currently relevant tip for journalists as well as others who may be involved in sharing information about the conflict, from Harvard Shorenstein fellow Jane Lytvynenko: 'Make sure your reporters, [editors], photographers, admin staff, and anyone else involved in covering this war has strong cybersecurity hygiene. Vet sources. Check documents. Be aware of phishing attack potential. 2fa everywhere via an app. Password variation. Everything.'" #cybersecurity #cybervigilance

Wednesday, February 23, 2022


It's so...2022: New ISO 27002-2022 Published

ISO 27002:2022 Considerations for certifiers-in-process (and the certified) for 2022 and beyond:

1. The standard now aggregates information security and cybersecurity into a unitary document.
2. Four "Controls" themes: people, physical, technological and organizational.
3. Relevant new controls are directed to data loss prevention, IoT, and, newly introduced, threat intelligence.
4. The handy Annex A to 27002:2022 provides a means to demonstrate cyber, information, etc. postures.

The standard will likely require currently certified entities to update or create new policies.

Important Note: Annex A to ISO 27001 is in the final steps of being updated (perhaps as early as Q2 2022) to put it in accordance with ISO 27002:2022. For re-certifying entities, this will mean a two-year compressed certification time frame. Newly certifying entities should become aware of the relevant additional and modified requirements and direct their activities to incorporating them. #cybersecurity #iot #ISO27002


Threat intelligence now includes litigation intelligence.


 