Factors for successful information security management
The term security awareness is frequently used when talking about information security, and rightfully so. In my experience the two single most important factors to successful information security management are: a) Security awareness b) Cooperation In fact, without cooperation you will not succeed with much of anything. But it is especially relevant when it comes […]
5 tips for writing an Information Security Policy
One thing that is mentioned a lot when it comes to GDPR is policies. One large part of how companies will have to demonstrate compliance with GDPR is through documentation and policies. The regulation, for example, requires a data protection and information security policy to exist, as well as a privacy policy. A data protection […]
Penetration Testing Guidelines and Best Practices – part 2
What the PCI standard explicitly mandates about penetration testing is illustrated in Requirement 11.3, requiring organizations to perform annual penetration tests that would mainly: While the composition of the network layer tests is left to the discretion of the tester, the standard specifies that as a minimum the following elements must be included in the […]
The Two Core Phases of Penetration Testing and PCI Compliance Pitfalls
When it comes to pen testing, it can always be roughly broken down into two core phases: scanning and exploiting. Simply put: know what you’re dealing with; then you may push the red “fire” button and unleash hell. The scanning phase This of course applies to any PCI-related pentest being carried out against the […]
Record of processing activities template
Create your record of processing activities with our simple template! A large part of the work of adapting to GDPR is about documentation. According to Article 30 of the GDPR, organisations must document their processing of personal data. All organisations should therefore create a record of processing activities, partly because it is a requirement, but also because it can greatly facilitate the mapping of […]