I recently happened to download the Risk IT Framework, 2nd Edition from ISACA. During December 2019 the National Cyber Security Center of the United Kingdom released the Cyber Security Body of Knowledge (CyBOK 1.0). The CyBOK has 19 knowledge areas which…
Category: Information Security
Audit Request List
Recently, one of my old students asked me to give some inputs on a Data Request List (DRL) for IT General Controls. I couldn't understand the meaning and informed him that I have not heard of such a term in auditing body…
IT GENERAL CONTROLS
IT General Controls (ITGCs) are applicable to any information systems infrastructure. These controls are primarily in the following areas: Access Management (access to data and programs), Change Management (changes to programs and data), Systems Development (feasibility, design, testing, installation, version…
Personal Data Protection Act 2012 of Singapore
The Personal Data Protection Act 2012 of Singapore governs the collection, use and disclosure of personal data by organizations. Any organization that wants to demonstrate that it complies with the PDPA of Singapore can apply for DPTM certification. DPTM certification is…
ISO 27001 LA Training in Mumbai
I delivered an ISO 27001 LA training to the SOC team of a large IT services organization in Mumbai last week. They were a group of highly experienced and enthusiastic learners, the class was very interactive and we had role plays…
One Year of GDPR
It has been just over a year since the enforcement of GDPR and it appears that there are thousands of data breach notifications. Please see the numbers for this one year of GDPR: https://iapp.org/resources/article/gdpr-one-year-anniversary-infographic/
Shortage of Cybersecurity Professionals
An October 2018 report by (ISC)² finds that the cybersecurity workforce gap is at 2.9 million, of which 2.1 million is in Asia Pacific. You can download the report here: https://www.isc2.org/Research/Workforce-Study
Congratulations to our ISO 27001 Students
Paresh Patel and Mukesh Zala, two of our students who attended and appeared in the ISO 27001 Lead Implementer class, have passed the examination. Congratulations!
Privacy and Data Protection Practitioner
We will be launching the EXIN Privacy and Data Protection Practitioner course from the first week of July 2019. The course is of 3 days' duration with a certification exam on the 3rd day. The course consists of 5 modules: Data Protection…