Sarbanes Oxley COSO
- Risk Assessment
- Objective Setting
- Event Identification
- Risk Response
- Event Identification
- Internal Environment
- Objective Setting
COBIT 2019 Domains and Objectives
Governance:
===========
Evaluate, Direct and Monitor
EDM01 Ensured Governance Framework Setting and Maintenance
EDM02 Ensured Benefits Delivery
EDM03 Ensured Risk Optimization
EDM04 Ensured Resource Optimization
EDM05 Ensured Stakeholder Engagement
The 7 Foundational Principles:
1. Proactive, not reactive; preventive, not remedial
The Privacy by Design (PbD) approach is characterized by proactive rather than reactive measures. It anticipates privacy-invasive events and prevents them before they can happen. Privacy by Design is applied before privacy risks have materialized; it offers no remedy for privacy violations once they have occurred, rather it prevents them from occurring in the first place. In short, Privacy by Design stops facts on the ground from being created at all.
2. Privacy as the default setting
We can all be certain of one thing: the default settings are decisive! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in every IT system and in all business practices. Wenn eine Person nichts unte
The 7 Foundational Principles
Privacy by Design is a concept I developed back in the 90’s, to address the ever-growing and systemic effects of Information and Communication Technologies, and of large-scale networked data systems. Privacy by Design advances the view that the future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation. Initially, deploying Privacy-Enhancing Technologies (PETs) was seen as the solution. Today, we realize that a more substantial approach is required — extending the use of PETs to PETS Plus — taking a positive-sum (full functionality) approach, not zero-sum. That’s the “Plus” in PETS Plus: positive-sum, not the either/or of zero-sum (a false dichotomy). Privacy by Design extends to a “Trilogy” of encompassing applications: 1) IT systems; 2) accountable business practices; and 3) physical design and networked infrastructure. Principles of Privacy by Design may be applied t
Germany:
The Federal Republic of Germany is a federal state made up of 16 states (the Länder). The main sources of law include the written constitution, referred to as the Basic Law (Grundgesetz), federal laws passed by the national parliament (Bundestag) and laws of the Länder. This overview focuses solely on federal laws, which apply across the federal territory.
Germany’s Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) is the national cyber security authority. Among other functions, it is responsible for protecting federal networks, providing technical expertise, analysing threat information and incident reporting, and developing security standards for the federal government. A recent initiative is the Cyber Innovation Hub, which was created by the German Armed Forces (Bundeswehr) to foster collaboration between the military and start-ups with the aim of
No. Control
AC-1 ACCESS CONTROL POLICY AND PROCEDURES
AC-2 ACCOUNT MANAGEMENT
AC-3 ACCESS ENFORCEMENT
AC-4 INFORMATION FLOW ENFORCEMENT
AC-5 SEPARATION OF DUTIES
AC-6 LEAST PRIVILEGE
AC-7 UNSUCCESSFUL LOGON ATTEMPTS
AC-8 SYSTEM USE NOTIFICATION
AC-10 CONCURRENT SESSION CONTROL
Rule 1 - Have an accurate map of IT installations and keep it updated.
Rule 2 - Keep an exhaustive inventory of privileged accounts and ensure this is updated.
Rule 3 - Create and apply procedures for the arrival and departure of users (personnel, interns, etc.).
Rule 4 - Limit the number of Internet access points for the company to those that are strictly necessary.
Rule 5 - Prohibit the connection of personal devices to the organisation's information system.
Rule 6 - Know how all software components are updated and keep up-to-date on the vulnerabilities of these components and their required updates.
Rule 7 - Define and strictly apply an update policy.
Rule 8 - Identify each individual accessing the system by name.
Rule 9 - Set rules for the choice and size of passwords.
Rule 10 - Set in place technical methods to enable authentication rules to be followed.
802.1X authentication
Access to sufficient data sources and tools
Access to systems and data by service providers
Account lockouts
Account unlocks
Active, malicious and suspicious content
Administrative interfaces for wireless access points
After travelling overseas with mobile devices
Aggregation of database contents
Allowing access to specific content types
A CISO is appointed to provide cyber security leadership and guidance for their organisation.
The CISO oversees their organisation’s cyber security program and ensures their organisation’s compliance with cyber security policy, standards, regulations and legislation.
The CISO regularly reviews and updates their organisation’s cyber security program to ensure its relevance in addressing cyber threats and harnessing business and cyber security opportunities.
The CISO implements cyber security measurement metrics and key performance indicators for their organisation.
The CISO coordinates cyber security and business alignment through a cyber security steering committee or advisory board, comprising key cyber security and business executives, which meets formally and on a regular basis.
The CISO coordinates security risk management activities between cyber security and business teams.
The CISO reports directly to their organisation’s senior executive and/or Board on cyber security matters.
The CISO is fully aw
1 Business controls
Control: 1.1 Vulnerability reports
Description: Publish the point of contact for security reports on your website