Information Security Category

PECB Lead Cloud Security Manager

PECB recently launched the Lead Cloud Security Manager course and certification. This course is developed based on ISO 27017 and ISO 27018. ISO 27017 provides guidance to implement controls for cloud services and ISO 27018 provides guidance to implement controls to protect PII in public clouds acting as PII processors. This is a well-designed course which […]


Cybersecurity Definition

I recently happened to download the Risk IT Framework, 2nd Edition from ISACA. During December 2019 the National Cyber Security Center of the United Kingdom released the Cyber Security Body of Knowledge (CyBok 1.0). The CyBok has 19 knowledge areas which are grouped into five categories. This is a very detailed body of knowledge that will be […]


Audit Request List

Recently, one of my old students asked me to give some inputs on a Data Request List (DRL) for IT General Controls. I couldn’t understand the meaning and informed him that I have not heard of such a term in the auditing body of knowledge. I also explained to him that the Data Request List (DRL) he wants […]


IT GENERAL CONTROLS

IT General Controls (ITGCs) are applicable to any information systems infrastructure. These controls are primarily in the following areas: Access Management (access to data and programs), Change Management (changes to programs and data), Systems Development (feasibility, design, testing, installation, version control, move to production), IT Operations (backup, incident management, job monitoring, batch processing, etc.). […]


Personal Data Protection Act 2012 of Singapore

The Personal Data Protection Act 2012 (PDPA) of Singapore governs the collection, use and disclosure of personal data by organizations. Any organization that wants to demonstrate that it complies with the PDPA of Singapore can apply for DPTM certification. DPTM certification is a voluntary certification which will help organizations build trust with their stakeholders and gain competitive advantage. […]


ISO 27001 LA Training in Mumbai

I delivered an ISO 27001 LA training to the SOC team of a large IT services organization in Mumbai last week. They were a group of highly experienced and enthusiastic learners; the class was very interactive and we had role plays and exercises throughout the course. Please contact me on +91 95054 52841 for ISO 27001 […]


One Year of GDPR

It has been just about more than a year since the enforcement of GDPR and it appears that there are thousands of data breach notifications. Please see the numbers for this one year of GDPR: https://iapp.org/resources/article/gdpr-one-year-anniversary-infographic/


Shortage of Cybersecurity Professionals

An October 2018 report by (ISC)2 finds that the cybersecurity workforce gap is at 2.9 million, of which 2.1 million is in Asia Pacific. You can download the report here: https://www.isc2.org/Research/Workforce-Study


Congratulations to our ISO 27001 Students

Paresh Patel and Mukesh Zala, two of our students who attended the ISO 27001 Lead Implementer class and appeared for the examination, have passed. Congratulations!


Privacy and Data Protection Practitioner

We will be launching the EXIN Privacy and Data Protection Practitioner course from the first week of July 2019. The course is of 3 days' duration with a certification exam on the 3rd day. The course consists of 5 modules: Data Protection Policies, Managing and organizing data protection, Roles of the controller, processor and DPO, Data Protection […]
