You simply can’t be too careful when it comes to information security. Protecting personal records and commercially sensitive information is critical. ISO/IEC 27001 helps you implement a robust approach to managing information security (infosec) and building resilience.
About ISO/IEC 27001
Internationally recognized ISO/IEC 27001 is an excellent framework which helps organizations manage and protect their information assets so that they remain safe and secure. It helps you to continually review and refine the way you do this, not only for today, but also for the future. That’s how ISO/IEC 27001 protects your business, your reputation and adds value.
Understanding and/or applying the requirements of any standard to your business isn’t always a straightforward process. CICRA can assist you with consultation, implementation and finally certification with our affiliated certification body.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security controls developed by an aggregated body of experts from the major card brands. The standard covers the fundamental aspects of information security and extends through the people, processes and technologies involved in payment card processing systems.
PCI DSS is a complex and granular standard that is mandatory for all entities which store, process or transmit payment card data, as well as organizations that may impact the security of a credit card processing environment.
If your organization just wishes to meet the standards outlined in PCI DSS without the need for certification, we offer consultancy services to assist you to reach the high PCI standards.
COBIT (Control Objectives for Information and Related Technologies) is a good-practice framework created by international professional association ISACA for information technology (IT) management and IT governance. COBIT provides an implementable “set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers”.
The COBIT 5 framework for the governance and management of enterprise IT is a leading-edge business optimization and growth roadmap that leverages proven practices, global thought leadership and ground-breaking tools to inspire IT innovation and fuel business success.
Employees are part of an organization’s attack surface, and ensuring they have the know-how to defend themselves and the organization against threats is a critical part of a healthy security program. If an organization needs to comply with different government and industry regulations, such as ISO, FISMA, PCI, HIPAA or Sarbanes-Oxley, it must provide security awareness training to employees to meet regulatory requirements.
Awareness trainings will address the unique threat profile when deciding the subjects to cover. Some of the most common subjects are,
- Physical security
- Desktop security
- Password security
- Wireless networks
- Social engineering