Articles by tag "iso-27001"

Digital Edge's Compliance team has noticed that organizations and IT/compliance groups lack understanding of mandates for scheduled reviews and audits.

Each cybersecurity standard or framework has its own unique requirements. This article provides information on minimal required reviews and audits by NIST CSF standard.

Digital Edge is proud to announce that one of our strategic cybersecurity advisors, Aleksandr Kondratiuk, has successfully received the ISO-27001 Lead Auditor certification! The certification exhibits our team's ongoing commitment to assist our clients better and grow our professional skills.

New York State Department of Financial Services recently updated its web page to indicate that any covered entities (i.e., agencies, insurance agents or insurance brokers) that already submitted their Certification of Compliance, needs to do so again after Monday, Jan. 1, 2018. 

According to the department, "The Certification of Compliance certifies that a Covered Entity complied with 23 NYCRR 500 for the entire calendar year. As such, the department only expects to receive a Certification of Compliance between January 1 and the February 15 deadline for the previous calendar year. Unless a Covered Entity is ceasing department-authorized operations before that year end, a Certification of Compliance before year end will not satisfy the requirement that a Covered Entity certify its compliance as of year-end."

The NYDFS Cyber Security Regulation (23NYCRR500) requires all New York-licensed insurance agencies, agents and brokers to file a certification of compliance, prior to Thursday, Feb. 15, 2018, and annually thereafter. The certification confirms that the licensed entity has complied with the regulation to the extent required, which includes conducting a risk assessment and developing cybersecurity programs and policies based upon that risk assessment. 

Digital Edge is an expert in ISO standards, is certified by International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between DFS law and ISO standards. Digital Edge will help to implement policies, standards and practices to cover all DFS requirements based on International Standards Organization framework.

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance. 

For more information on this regulation and to ensure that your organization is following the critical compliance requirements, please read our most recent articles:

1. DFS Compliance – Mandatory Cybersecurity Requirements
2. To Do: Check List to Comply with DFS Cybersecurity Law
3. Discover the NEW online DFS Cybersecurity Reporting Portal
4. Exempt from DFS Cybersecurity Regulations – Now What?

In March of 2017, the New York State Department of Financial Services’ (DFS) issued its “Part 500” - Mandatory Cybersecurity Requirements for financial services entities. Thus, requiring banks, insurers, and other financial institutions to establish and maintain a “risk-based, holistic, and robust security program” that is ultimately designed to protect consumers’ private data. Partial exemptions are provided for covered entities based on their staffing level, annual revenue, or total assets. 

The initial deadline for submitting an annual Certification of Compliance on February 15, 2018 is rapidly approaching, and all organizations are required to comply with DFS Part 500 Section 9, Risk Assessment by March 1, 2018. 

Digital Edge is an expert in ISO standards, is certified by International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between DFS law and ISO standards. Digital Edge will help to implement policies, standards and practices to cover all DFS requirements based on International Standards Organization framework.
 
Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance. 

For more information on this regulation and to ensure that your organization is following the critical compliance requirements, please read our most recent articles:

1. DFS Compliance – Mandatory Cybersecurity Requirements
2. To Do: Check List to Comply with DFS Cybersecurity Law
3. Discover the NEW online DFS Cybersecurity Reporting Portal
4. Exempt from DFS Cybersecurity Regulations – Now What?

The Digital Edge Security Team is aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern CPUs and virtual memory access. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

We analyzed our clients configurations and our own DE Cloud Infrastructure, and as of now, do not see any active exploitation of this vulnerability. 

There has been much contradictory information. The Digital Edge Security Team explains the vulnerability in simple terms and provides suggestions on how to handle the situation here.

The Digital Edge Security Team warns that HIDDEN COBRA actors have been using FALLCHILL malware to target IT infrastructures. DHS and FBI specified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as FALLCHILL. The U.S. Government refers to malicious cyber activity by North Korea as HIDDEN COBRA. 

HIDDEN COBRA uses dual proxy technique allowing to change vector of the attack and keep the source of the attack hidden.
 
These types of activities can have severe impacts such as data loss and disruption of operation. The Digital Edge Security Team has updated its own core infrastructure to protect our clients from possible impacts of HIDDEN COBRA and advise other IT organization to use the same practice. 

Click here for more details.

As of May 1, 2017, Digital Edge is proud to announce its official certification of the International Standards Organization (ISO) 27001 framework for Information Security Management, a specification for an information security management system (ISMS). ISO is an independent, non-governmental international organization with a membership of 163 national standard bodies. ISO is credited for publishing more than 2100 international standards, covering almost every industry, from technology, to food safety, to aviation and healthcare. By adopting the ISO 27001 framework, Digital Edge will protect businesses from threats, including internet fraud, hacking, overseeing of transactions and other cyber security threats.

Undergoing the process of getting certified by ISO is vital to Digital Edge because these standards evaluate process effectiveness and better structures company management and growth. Digital Edge’s clients will always be insured with quality services with the core value of “Stability, Security, Efficiency, and Compliance”. Digital Edge received this certification with minor and no major non-conformities, proving once again that our security processes are constant. 

Receiving the ISO 27001 certification, proves that Digital Edge’s processes meet the best quality and security standards for our clients. Digital Edge guarantees our clients and partners are receiving outstanding services, demonstrating our serious commitment to these security controls.

WikiLeaks has recently exposed that the CIA possessed the capability to hack into nearly every device you own. With all that we have learned from these leaks,  Digital Edge wants to take the time to focus on is the “zero days” concept – which can be simply put as a weakness/hole in a system that allows a hacker to breach it before anyone even knows about this vulnerability. The act of reporting the vulnerability is known as “zero days”.

Once a hole in the system is found, it should be reported immediately, so it can be patched up before it’s exploited.

Read more about this here.

The ISO 27001 standard is a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving management systems information security (ISMS) within the context of the overall commercial risks of the organization.

ISO language in relevance to log management: "Audit logs must be turned on for security events, user activities and exceptions. They must be kept for a predetermined period of time.". The task of organizing this information can be overwhelming. In addition to the millions of individual log entities that can be generated daily, all IT environments have reporting data logs. Additional recommendations to analyze and report on log data make manual processes or internally prepared solutions are insufficient and expensive for many organizations.