Articles by tag "iso"

1/18/2022 Newsletters

Digital Edge is Proud to Announce the ISO-27001 Lead Auditor Certification

Digital Edge is proud to announce that one of our strategic cybersecurity advisors, Aleksandr Kondratiuk, has successfully received the ISO-27001 Lead Auditor certification! The certification demonstrates our team's ongoing commitment to serving our clients better and growing our professional skills.

11/6/2021 Compliance

Michael Petrov provided his recommendation for risk assessment methodology – CIS RAM 2.0

POSITION ON RISK

  1. Initial risk is 100% (99.9%). I argue, if you deploy a system without any controls and connect it to the internet, it will be hacked multiple times in a year.
  2. Risk = 100% - control mitigation + destabilizing events (zero days, new vulnerabilities).
  3. We may calculate control mitigation but cannot predict those destabilizing events, and this is the nature of the business, and this is why we cannot precisely measure risks. So we don't have to; we can just assess.
  4. Mitigation is NOT lowering the impact but lowering LIKELIHOOD. When there is a cybersecurity breach, it is easier to predict maximum impact, which depends on the time of detection (controls - destabilizing). I would argue that within some short time, the impact could be the cost of the business.
  5. My biggest problem with current frameworks is that they all concentrate on initial assessment, not the continuous process.
  6. Risk has to be re-assessed yearly, and the methodology is more important for re-assessment compared to the initial assessment.
  7. Incidents should be used to adjust risks as they are real-life data for statistical analysis for the given client. Incidents should be used to re-assess likelihood, and each incident must be bound to a risk and affect a KPI.
  8. Methodology should suggest KPI assignment.

This is the big picture. All I see today is ISO-like risk analyses that are initially made based on industrial risks. The mentality should be changed, and I don't know if it is too big of a shift from the current approach.

8/15/2019 Edgy News

Digital Edge and FundCount Partnership

by: Naum Lavnevich

6/1/2018 Newsletters

Digital Edge Successfully Passed ISO 9001:2015 Audit!

On Tuesday, May 29th, Digital Edge passed the International Organization for Standardization's (ISO) Quality Management Surveillance 1 Audit using the 9001:2015 framework! ISO is an independent, non-governmental international organization with a membership of 161 national standard bodies. ISO is credited with publishing more than 2100 international standards, covering almost every industry, from technology, to food safety, to aviation and healthcare.

Digital Edge is also certified in the ISO 27001:2013 framework for Information Security Management. ISO 27001 is a specification for an information security management system (ISMS). Digital Edge protects businesses from threats, including internet fraud, hacking, overseeing of transactions and other cyber security threats. Digital Edge guarantees our clients are receiving outstanding services.

Digital Edge is offering assistance in becoming compliant with any type of standard or certification. Our VP of Compliance is knowledgeable in ISO, DFS, NIST, HIPAA, GDPR, as well as any other standard our clients want to be compliant with. Digital Edge also sends out monthly newsletters informing clients about the most asked questions regarding compliance and any questions submitted. Check out our Compliance page on our website!

3/7/2018 Newsletters

Digital Edge Successfully Passed ISO 27001 Audit

This past weekend (March 3-4th) Digital Edge passed another ISO 27001:2013 Information Technology Security Management System Requirements surveillance audit! Our ISO Certification is up to date with no interruptions or non-conformities! We would like to thank our staff and support for dedicating their time to getting certified. Digital Edge is an expert in ISO standards; we offer assistance in ISO Certification for companies that need to stay in compliance.

The Digital Edge Security and Compliance Team can assist your business to implement policies, standards and practices based on International Standards Organization framework! Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance.

2/12/2018 Newsletters

DFS - Certification of Compliance - Due 2/15/2018!

New York State Department of Financial Services recently updated its web page to indicate that any covered entities (i.e., agencies, insurance agents or insurance brokers) that already submitted their Certification of Compliance need to do so again after Monday, Jan. 1, 2018.

According to the department, "The Certification of Compliance certifies that a Covered Entity complied with 23 NYCRR 500 for the entire calendar year. As such, the department only expects to receive a Certification of Compliance between January 1 and the February 15 deadline for the previous calendar year. Unless a Covered Entity is ceasing department-authorized operations before that year end, a Certification of Compliance before year end will not satisfy the requirement that a Covered Entity certify its compliance as of year-end."

The NYDFS Cyber Security Regulation (23 NYCRR 500) requires all New York-licensed insurance agencies, agents and brokers to file a certification of compliance prior to Thursday, Feb. 15, 2018, and annually thereafter. The certification confirms that the licensed entity has complied with the regulation to the extent required, which includes conducting a risk assessment and developing cybersecurity programs and policies based upon that risk assessment.

Digital Edge is an expert in ISO standards and is certified by the International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between the DFS law and ISO standards. Digital Edge will help to implement policies, standards and practices to cover all DFS requirements based on the International Standards Organization framework.

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance.

For more information on this regulation and to ensure that your organization is following the critical compliance requirements, please read our most recent articles:

  1. DFS Compliance – Mandatory Cybersecurity Requirements
  2. To Do: Check List to Comply with DFS Cybersecurity Law
  3. Discover the NEW online DFS Cybersecurity Reporting Portal
  4. Exempt from DFS Cybersecurity Regulations – Now What?

1/26/2018 Newsletters

Is Your Cybersecurity Infrastructure in Compliance?

In March of 2017, the New York State Department of Financial Services (DFS) issued its "Part 500" - Mandatory Cybersecurity Requirements for financial services entities. This requires banks, insurers, and other financial institutions to establish and maintain a "risk-based, holistic, and robust security program" that is ultimately designed to protect consumers' private data. Partial exemptions are provided for covered entities based on their staffing level, annual revenue, or total assets.

The initial deadline for submitting an annual Certification of Compliance on February 15, 2018 is rapidly approaching, and all organizations are required to comply with DFS Part 500 Section 9, Risk Assessment, by March 1, 2018.

Digital Edge is an expert in ISO standards and is certified by the International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between the DFS law and ISO standards. Digital Edge will help to implement policies, standards and practices to cover all DFS requirements based on the International Standards Organization framework.

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance.

For more information on this regulation and to ensure that your organization is following the critical compliance requirements, please read our most recent articles:

  1. DFS Compliance – Mandatory Cybersecurity Requirements
  2. To Do: Check List to Comply with DFS Cybersecurity Law
  3. Discover the NEW online DFS Cybersecurity Reporting Portal
  4. Exempt from DFS Cybersecurity Regulations – Now What?

4/5/2017 Compliance

ISO 27001:2013 High Level Information Security Policy

Author: Danielle Johnsen (VP of Compliance)
Date: 5 April 2017
Version: 2.0

This document defines Digital Edge’s policy on Information Security and is based on the following principles.

8/19/2016 Newsletters

Policies

Digital Edge publishes these policies to make sure everybody gets meaningful choices about how and why data is collected and used, and to ensure that you have the information you need to make the choices that are right for you across our products and services.

Digital Edge is committed to ISO standards and publishes a bridging policy as well as some other global policies.

ISO 27001-2013 High Level Information Security Policy

Digital Edge GDPR Policy
Contact Us

If you have any questions or complaints about our policies, write or call our Compliance Team:

Digital Edge Ventures Inc – Compliance Team
7 Teleport Drive Staten Island New York 10311
Call us: 1-718-370-3352
Email us: compliance@digitaledge.net