Remove 11
Remove 2013 Remove Data Remove Information Security Remove Security
article thumbnail

What Are ISO 27017 and ISO 27018, and What Are Their Controls?

IT Governance

Extending your ISMS to address Cloud security risks ISO 27001 sets out the specification – the requirements – for an effective ISMS (information security management system). But did you know you can extend your ISO 27001 ISMS to cover specific aspects of Cloud security ? Administrator’s operational security CLD.12.4.5

Cloud 88
article thumbnail

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack. In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks City of Philadelphia discloses data breach after five months Date of breach: 24 May 2023 ( notice issued 20 October 2023).

article thumbnail

ISO 27001:2022 Has Been Released – What Does It Mean for Your Organisation?

IT Governance

A new version of ISO 27001 was published this week, introducing several significant changes in the way organisations are expected to manage information security. Annex A of ISO 27001 now refers to the updated information security controls in ISO 27002:2022, and the Standard requires organisations to document and monitor objectives.

IT 114
article thumbnail

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

Until this month, I'd never heard of People Data Labs (PDL). I'd certainly heard of the sector they operate in - "Data Enrichment" - but I'd never heard of the company itself. i speak at conferences around the world and run workshops on how to build more secure software within organisations.

article thumbnail

N. Korean Kimsuky APT targets S. Korea-US military exercises

Security Affairs

The news was reported by the South Korean police on Sunday, the law enforcement also added that the state-sponsored hackers did not steal any sensitive data. The military drill, the Ulchi Freedom Guardian summer exercises , will start on Monday, August 21, 2023 , and will last 11 days. Korean Kimsuky APT targets S.

article thumbnail

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

Security Affairs

Kimsuky cyberespionage group (aka Springtail, ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013. Troll Stealer supports multiple stealing capabilities, it allows operators to gather files, screenshots, browser data, and system information.