News & Thoughts from the Axenic Team
Getting the basics right
Getting practical security information and guidance shouldn’t be so hard. Unfortunately, sometimes it can feel that way. Yes, there may be times when you will need to bring in specialists to assist your business to meet its security needs, but there are many aspects of security which you can choose to do, even on the leanest of budgets.
Axenic has been selected for the new ICT Security and Related Services (ICTSRS) panel to provide governance, risk and assurance services to the New Zealand Government.
Axenic has worked closely with the NZ Government Chief Information Officer (GCIO) over several years to improve NZ Agency security maturity. This has included contributing to the development of the GCIO risk management framework, the GCIO assurance framework and the Office 365 and Azure Risk Assessments.
Information security is all about context!
In my previous two articles in this series focused on developing an Information Security Management System (ISMS) based on ISO 27001:2013, I presented the common myths associated with the standard. In this article, I am going to provide an overview of the standard and section 4 Context of the organisation.
Chris and Michael will be presenting at the 24th International Computer Security Symposium & 9th SABSA World Congress, which will be held in Ireland between the 1 – 5 October 2016.
The following provides a synopsis of their sessions, visit the COSAC website here for more information and the full conference schedule.
Dispelling more common myths
Okay, I know I promised to delve into and discuss the requirements defined in 4 Context of the organisation. However, I realised that they are other common myths that I should dispel for those of you that are interested in implementing an Information Security Management System (ISMS) that conforms with ISO/IEC 27001:2013 (ISO 27001).
Reports surfaced on the 12th of April of a botnet that attacks IoT running BusyBox and other Linux-based devices. The bot, which is believed to be active since the 20th of March 2017, exploits hard-coded passwords of devices with published SSH or telnet, as well as attempting to brute-force passwords of devices with non-default credentials. As the name suggest, BrickerBot bricks the devices and leaves them completely useless. This is done by executing a set of commands to delete storage, corrupt routing and others.