PCI DSS Penetration Testing Guidance

The Payment Card Industry Security Standards Council recently released its updated Information Supplement: Penetration Testing Guidance. The guidance document was last published in 2008 under the heading ‘Requirement 11.3 Penetration Testing’. The updated document marks a major difference in the approach taken by the PCI Council to clarify and educate stakeholders about the standard’s requirements […]

IT Act 2000 – Penalties, Offences With Case Studies

Objectives of IT legislation in India. The Government of India enacted its Information Technology Act 2000 with its objectives officially stated as: “to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to […]

HIPAA Compliance – Introduction & Pointers

Introduction. Protecting the confidentiality, integrity and availability of patient information held by healthcare organizations became a legal requirement through the Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996. HIPAA is a federal law designed to protect the privacy of individually identifiable patient information, both physically and electronically. It provides continuity and […]

ISO 27004 – Information Security Metrics Implementation

Introduction. Compliance with the ISO 27001 standard and its associated controls helps an organization understand its information security risks and develop an information security management system (ISMS) to address the risks identified. The ISO 27001 implementation process aims to give management an intuitive understanding of information security. However, management also requires answers to the […]