Musings
- What, why, when – ISO 27001 vs SOX 404
I recently met with a group who wanted to get started in IT Audit. The members of the group had some experience in IT Audit, I…
- 3 Lines of Defense for Cyber Security professionals
In the wake of the financial crisis, the IIA came up with a model for better Risk Management and called it the ‘3 Lines of Defense’ model. This…
- What, when, how – Scalability vs Elasticity vs Availability
Even if you’re remotely associated with the Cloud, I am sure you must have heard about the Availability and Scalability of the instances. Even though this is one…
- [Before] Third-Party Risk Management
I was going through ISO 27001 and COBIT to understand the Third-Party (or vendor) Risk Management process in detail. And though both frameworks provide enough guidance on…
- Difference between Accreditation and Certification
Many people use ‘Accreditation’ and ‘Certification’ interchangeably, but they are not the same. Certification is a technical review that assesses the security mechanisms and evaluates their effectiveness. Accreditation is management’s official…