Enabling DD-WRT web interface from SSH

With this article we’re starting a new category regarding DD-WRT and micro-embedded devices. I’ve been using DD-WRT (and other variants as Open-WRT, Tomato, etc. depending on the device) for quite a while and every now and then I need to re-enable the web-interface from the command line. For instance I found the web-interface not responding… Continue reading Enabling DD-WRT web interface from SSH

ISO 27001 Domains, Control Objectives and Controls

ISO 27001 has for the moment 11 Domains, 39 Control Objectives and 130+ Controls. Following is a list of the Domains and Control Objectives. 1. Security policy Information security policy Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. 2. Organization of information security… Continue reading ISO 27001 Domains, Control Objectives and Controls

PCI DSS Control Objectives

Payment Card Industry Data Security Standard has six control objectives and 12 requirements: 1. Build and Maintain a Secure Network Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters 2. Protect Cardholder Data Requirement 3: Protect stored cardholder… Continue reading PCI DSS Control Objectives

ISO 27001 Certification Statistics

How many companies have certified under ISO 27001? You can find the answer here. So, under 7300 as of mid-August 2011. Now, in another report from April 2008, there were 4500 certificates. With the distribution: Japan (2550); UK (370);India (430); Taiwan (175); China(110); Germany (90); and then a group of countries (Hungary, Italy, USA, &… Continue reading ISO 27001 Certification Statistics

ISMS Certification vs Conformity

So, as stated here you can certify against ISO/IEC 27001 only. But why certify? Here are some reasons provided by certification bodies. Certification finds no basis in legislative or regulatory requirement, so why bother? The best answer is to validate that investment in security controls meets business goals and provides business value. Business value is… Continue reading ISMS Certification vs Conformity

ISO ISMS history

The ISO is developing a new series of security standards, the first of which is ISO 27001, Information Technology—Security Techniques— Information Security Management Systems—Requirements. ISO 27001 replaces British Standard (BS) 7799, Part 2. BS 7799, Part 1 evolved into ISO 17799, Information Technology—Security Techniques—Code of Practice for Information Security Management and is now known as… Continue reading ISO ISMS history

The ISO/IEC 27000 Set of Standards Overview

The ISO/IEC 270xx is a set o standards regarding Information Security Management Systems (ISMS). The developer of this standards is the International Organization for Standardization http://www.iso.org/. ISO/IEC 27001 and ISO/IEC27002 are derived from ISO/IEC 17799:2005 who is derived from BS7799 (British Standard). Many standards regarding ISMS are under development and the published ones are subject… Continue reading The ISO/IEC 27000 Set of Standards Overview