PECB recently launched Lead Cloud Security Manager course and certification. This course is developed based on ISO 27017 and ISO 27018. ISO 27017 provides guidance to implement controls for cloud services and ISO 27018 provides guidance to implement controls to protect PII in public clouds acting as PII processors. This is well designed course which... Continue Reading →
Cybersecurity Definition
I recently happened to download the Risk IT Framework, 2nd Edition from ISACA. During December 2019 the National Cyber Security Center of United Kingdom released the Cyber Security Body of Knowledge (CyBok 1.0). The CyBok has 19 knowledge areas which are grouped into five categories. This a very detailed body of knowledge that will be... Continue Reading →
Audit Request List
Recently, one of my old student asked me to give some inputs on Data Request List (DRL) for IT General controls. I couldn't understand the meaning and informed him that I have not heard of such term in auditing body of knowledge. I also explained to him that the Data Request List (DRL) he wants... Continue Reading →
IT GENERAL CONTROLS
IT General controls (ITGC's) are applicable to any information systems infrastructure. These controls are primarily in the following areas: Access Management (assess to data and programs), Change Management (Changes to programs and data), Systems development (feasibility, design, Testing, installation, version control, Move to production) , IT Operations (Backup, Incident Management, Job monitoring, Batch processing, etc).... Continue Reading →
Personal Data Protection Act 2012 of Singapore
Personal Data Protection Act 2012 of Singapore is to govern the collection, use and disclosure of personal data by organizations. Any organization who wants to demonstrate that they comply with PDPA of Singapore can apply DPTM certification. DPTM certification is voluntary certification which will help organizations build trust with their stakeholders and gain competitive advantage.... Continue Reading →
ISO 27001 LA Training in Mumbai
I delivered an ISO 27001 LA training to the SOC team of large IT Services organization in Mumbai last week. They were a group of highly experienced and enthusiastic learners, the class was very interactive and we had role plays and exercises through the course. Please contact me on +91 95054 52841 for ISO 27001... Continue Reading →
One Year of GDPR
It has been just about more than an year since the enforcement of GDPR and it appears that there are thousands of data breach notifications. Please see the numbers of this one year of GDPR. https://iapp.org/resources/article/gdpr-one-year-anniversary-infographic/
Shortage of Cybersecurity Professionals
October 2018 report by (ISC)2 finds that Cybersecurity workforce gap is at 2.9 million and of which 2.1 million is in Asia Pacific. You can download the report here: https://www.isc2.org/Research/Workforce-Study
Congratulations to our ISO 27001 Students
Paresh Patel and Mukesh Zala, 2 of our students who attended and appeared in the ISO 27001 Lead Implementer class have passed the examination. Congratulations!
Privacy and Data Protection Practitioner
We will be launching EXIN Privacy and Data Protection Practitioner course from first week of July 2019. The course is of 3 days duration with a Certification exam on the 3rd day. The course consists of 5 modules: Data Protection Policies, Managing and organizing data protection, Roles of the controller, processor and DPO, Data Protection... Continue Reading →
QUALITI CONSULTING 