Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Guidelines for selection, deployment, and operation of intrusion detection and prevention systems
1. Introduction to ISO/IEC 27039:2015 — Intrusion Detection and Prevention Systems
ISO/IEC 27039:2015 (published in 2016) provides guidelines for the selection, deployment, and operation of intrusion detection systems…

A Comprehensive Guide to IDPS in the Modern Threat Landscape
Introduction: The Evolving Role of IDPS in Modern Security Architecture
ISO/IEC 27039 provides comprehensive guidance for the selection, deployment, and operation of intrusion detection and prevention systems (IDPS) within an…

A comprehensive guide to information security in supplier relationships
1. Overview and Scope of ISO/IEC 27036-3:2013
ISO/IEC 27036-3:2013 is part of the ISO/IEC 27036 series that addresses information security in supplier relationships. Specifically, this part provides guidelines for the acquisition…

Cloud-specific information security guidelines for supplier relationships
1. Understanding ISO/IEC 27036-4:2016 for Cloud Services
ISO/IEC 27036-4:2016 extends the supplier relationship security framework specifically to cloud services. As organizations increasingly migrate workloads to public, private, and hybrid cloud environments, the need…

Guidelines for handling digital evidence with integrity and legal admissibility
1. Introduction to ISO/IEC 27037:2012 and Digital Evidence
ISO/IEC 27037:2012 provides guidelines for the identification, collection, acquisition, and preservation of digital evidence. In an era where digital evidence underpins criminal…

Practical guidance for detecting, analyzing, containing, and recovering from security incidents
The operational phase of incident management is where preparation meets reality. ISO/IEC 27035-3:2020 provides detailed procedural guidance for the detection, analysis, containment, eradication, and recovery phases of incident response.…

Coordination frameworks for multi-team and cross-organizational incident management
In complex incidents — particularly those affecting multiple business units, multiple organizations, or critical national infrastructure — effective coordination is as important as technical response capability. ISO/IEC 27035-4:2020 provides the framework for…

Foundational concepts for securing information and systems in supplier relationships
Modern organizations rely on an extensive ecosystem of suppliers, vendors, and service providers. Each relationship introduces information security risks that must be understood and managed. ISO/IEC 27036-1:2021 provides the foundational…

Security requirements for defining, implementing, and managing supplier relationships
While ISO/IEC 27036-1 provides concepts and an overview framework, ISO/IEC 27036-2:2014 defines the specific requirements for establishing, implementing, and maintaining information security in supplier relationships. This requirements standard is designed for…

Real-World Implementation Guidance for Application Security Controls
Introduction: Learning from Real-World Application Security
ISO/IEC 27034-6 provides structured case studies that demonstrate how organizations across different sectors have implemented application security controls in alignment with the ISO/IEC 27034 framework. Rather than…