ISO 27001 Control A.7

A.7.1 Responsibility for assets Objective: To achieve and maintain appropriate protection of organizational assets. A.7.1.1 Inventory of assets Control All assets shall be clearly identified and an inventory of all important assets drawn up and maintained. A.7.1.2 Ownership of assets Control All information and assets associated with information processing facilities shall be ‘owned’ by a designated part of the organization. A.7.1.3 Acceptable use of assets Control Rules for the acceptable…

ISO 27001 Control A.6

A.6 Organization of information security A.6.1 Internal organization Objective: To manage information security within the organization. A.6.1.1 Management commitment to information security Control Management shall actively support security within the organization through clear direction, demonstrated commitment, explicit assignment, and acknowledgment of information security responsibilities. A.6.1.2 Information security coordination Control Information security activities shall be co-ordinated by representatives from different parts of the organization with relevant roles and job functions. A.6.1.3…

ISO 27001 Control A.5

A.5 Security Policies A.5.1 Information Security Policy To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. A.5.1.1 Information Security Policy Document A set of policies must be defined, approved by management, published and communicated to employees and relevant external parties. The policies must be led by business needs, alongside the applicable regulations and legislation affecting the organisation too. These policies need…

Adding Cyber Security to Corporate Risk Management

Corporate boards and senior management like to focus on business. They love the numbers, the strategy and the success of a business operation. They have a passion for it and that is why they are sitting on board or managing a global company. They do not like to talk as much about risks, much less plan for them. When it comes to information governance and protecting the company from hackers…

BAE Systems completes SilverSky acquisition

Further to the announcement of 21 October 2014, BAE Systems has completed the acquisition of Perimeter Internetworking Corp., which trades as SilverSky, a commercial cyber service provider. The consideration of $232.5 million (approximately £144.4 million) has been funded from BAE Systems’ existing cash resources. SilverSky is a commercial cyber services and compliance provider, headquartered in New York, with operations in the US and the Philippines. The company currently employs approximately…