iec 27001
Recently Published Documents


Total documents: 165 (five years: 80)

H-index: 5 (five years: 2)

2022 ◽  
Vol 8 ◽  
pp. e810
Author(s):  
Abdallah Qusef ◽  
Hamzeh Alkilani

The Internet’s emergence as a global communication medium has dramatically expanded the volume of content that is freely accessible. Through using this information, open-source intelligence (OSINT) seeks to meet basic intelligence requirements. Although open-source information has historically been synonymous with strategic intelligence, today’s consumers range from governments to corporations to everyday people. This paper aimed to describe open-source intelligence and to show how to use a few OSINT resources. In this article, OSINT (a combination of public information, social engineering, open-source information, and internet information) was examined to define the present situation further, and suggestions were made as to what could happen in the future. OSINT is gaining prominence, and its application is spreading into different areas. The primary difficulty with OSINT is separating relevant bits from large volumes of details. Thus, this paper proposed and illustrated three OSINT alternatives, demonstrating their existence and distinguishing characteristics. The solution analysis took the form of a presentation evaluation, during which the usage and effects of selected OSINT solutions were reported and observed. The paper’s results demonstrate the breadth and dispersion of OSINT solutions. The mechanism by which OSINT data searches are returned varies greatly between solutions. Combining data from numerous OSINT solutions to produce a detailed summary and interpretation involves work and the use of multiple disjointed solutions, both of which are manual. Visualization of results is anticipated to be a potential theme in the production of OSINT solutions. Individuals’ data search and analysis abilities are another trend worth following, whether to optimize the productivity of currently accessible OSINT solutions or to create more advanced OSINT solutions in the future.


2022 ◽  
pp. 1-18
Author(s):  
Regner Sabillon

The objective of this chapter is to provision a comprehensive literature review of the most relevant approaches for conducting cybersecurity audits. The study includes auditing perspectives for specific scopes and the best practices that many leading organizations are providing for security and auditing professionals to follow. The chapter reviews relevant features for auditing approaches in the following order: ISO/IEC 27001:2013, ISO/IEC 27002:2013, Control Objectives for Information and Related Technology (COBIT) 2019, Information Technology Infrastructure Library (ITIL) 4, AICPA, ISACA, NIST SP 800-53, NIST CSF v1.1, IIA, PCI DSS, ITAF, COSO, ENISA, NERC CIP, and CSAM.


2021 ◽  
Author(s):  
Huaqun Guo ◽  
Meng Wei ◽  
Ping Huang ◽  
Eyasu Getahun Chekole

Author(s):  
С.В. Прокопченко

The article covers aspects of verification in the development and production of weapons, military equipment, and other defense products, which include special technical means for intercepting information from communication channels and other technical means of covert information acquisition. Verification is defined, following the terminology of NATO normative documents, as a set of activities that compares a life-cycle product of a weapons and military equipment system with the required characteristics of that product. Recommended verification stages, the composition of verification results, and actions for managing the verification result are presented. The conditions for coordinating verification activities and typical verification methods are considered. Using the example of accreditation for compliance with the requirements of DSTU ISO/IEC 17025:2017, DSTU ISO/IEC 17024:2012, DSTU EN ISO/IEC 17021-1:2015 and certification of defense products, services, and personnel in the Security Service of Ukraine with the application of DSTU ISO/IEC 27001:2015 "Methods of protection of the information security management system. Requirements" and DSTU STANAG 4107:2018 "NATO requirements for design, development and production", a mechanism for implementing international standards and NATO standards in Ukraine is proposed.


2021 ◽  
Vol 23 (1) ◽  
Author(s):  
Thembekile Mayayise

Background: As the use of mobile computing devices such as smartphones increases in developing countries, some employees in organisations prefer using their privately owned mobile devices for work purposes by following the Bring Your Own Device (BYOD) practice. However, the actual factors that influence the adoption of this practice are limited. Aim: This study aimed to investigate the factors that positively influence the employee’s behavioural intention to adopt the BYOD practice in organisations. Setting: The focus of the study is workers in various industries in South Africa. Method: A model is proposed which extends components of the Unified Theory of Acceptance and the Use of Technology (UTAUT) model by certain elements of the ISO/IEC 27001 security standard and an organisational factor. It is a quantitative study. Through a snowball method, a sample of 130 South African workers participated in the study by completing an electronic survey where 106 valid responses were received. Results: The data analysis was conducted through the SPSS data analysis tool. The results revealed that performance expectancy, effort expectancy, awareness and training, and policy existence positively influence the behavioural intention to adopt the BYOD Practice. Conclusion: The outcome of this study will benefit practitioners considering the implementation of BYOD and also researchers seeking to expand the scope of existing technology adoption frameworks.


Author(s):  
Dea Saka Kurnia Putra ◽  
Saffana Tistiyani ◽  
Septia Ulfa Sunaringtyas

PURIQ ◽  
2021 ◽  
Vol 4 (1) ◽  
pp. 14-30
Author(s):  
María Elena Tasa Catanzaro ◽  
Henry George Maquera Quispe ◽  
John Fredy Rojas Bujaico ◽  
Marjorie Gabriela del Carmen Delgado Rospigliosi

Security incidents in an organization are considered the main source for evaluating the correct application of security controls in public or private organizations. The research is based on the behavior of incidents in the presence of information technology controls together with the formal processes in organizations. Good security practices based on the international standards ISO/IEC 27001 and ISO/IEC 27002 were used. The Magerit v3 methodology and business intelligence techniques were applied to integrate and process the information obtained through heterogeneous information sources implemented in the organizations under study. The information obtained was organized into 9 security controls common to the organizations under study, applied in an experimental study. The data analysis made it possible to establish that constant monitoring and supervision of the application of security controls raises security levels in organizations, guaranteeing the continuity of services and processes.


2021 ◽  
Vol 4 (2) ◽  
pp. 115-130
Author(s):  
Yahya Dwi Wijaya

Information systems are a valuable asset for business actors, one of which is engaged in e-commerce. Pasdeal is a credit distributor and server service that implements an e-commerce information system. The use of information systems in the field of sales or electronic commerce is considered efficient because it has become a platform for media and services and new and unique capabilities that are not found in the physical world. Information security factor is a very important aspect to consider considering the performance of ICT governance. For this reason, information systems need an information security evaluation in order to find out the gaps and deficiencies in information security in the information system. The KAMI index is a reference tool to evaluate the level of readiness of information system security in an organization. Evaluation is carried out on various areas that are the target of information security implementation based on the ISO/IEC 27001:2013 standard. Based on the results of the KAMI index assessment, it was found that Pasdeal got a score of 591 points from the application of the ISO 27001 standard with a pretty good predicate.

