Ataya and Partners ’s Post

Courses to do before ISO/IEC 27001:2022 Considering WWISE ISO/IEC 27001:2022 certification? Before diving into the world of ISO/IEC 27001:2022, it is essential to lay a solid foundation. Our various introductory cybersecurity courses are designed to equip you with the basic knowledge and skills necessary to navigate information security management effectively. Topics we cover include: Malware Mobile security Password security Phishing Removable media Safe web browsing If you already have a basic understanding of most of those topics, you are ready for our ISO 27001:2022 Transitioning course from ISO/IEC 27001:2013 to ISO/IEC 27001:2022. The transitioning course works through the changes to the ISO/IEC 27001:2022 from the ISO/IEC 27001:2013 standard. Once the transitioning course is completed our ISO/IEC 27001:2022 awareness training takes you from understanding the fundamentals of information security to mastering risk assessment methodologies. You will delve into topics such as data protection, risk management frameworks, and conformance requirements, empowering you to proactively safeguard your organisation’s assets. Start your journey to ISO/IEC 27001:2022 readiness today with our eLearning courses. Elevate your knowledge and embark on the path to information security excellence. #ISO27001 #informationsecurity #certificationprep #cyberattack #cybertech

Key Accomplishments in 2024 Graduated with an MSc in Cybersecurity (Distinction) Earned certifications: ISO 27001:2022, ISO 14001, ISO 45001, ISC CC, CompTIA Security+, and OneTrust Privacy GRC Conducted ISO 9001, ISO 27001, and IMS implementation, surveillance, and certification audits Gained extensive experience with industry-leading cybersecurity tools Looking Ahead to 2025 As I wrap up 2024, I am already planning goals for next year. I am identifying risks and opportunities and will apply the PDCA (Plan-Do-Check-Act) cycle to achieve them, staying true to the auditor’s mantra of continual improvement. Here’s to smashing 2025 goals, one after the other. Cheers! 😊

🌍 In today's world, information security is more critical than ever. Safeguarding data is essential to build a strong business resilience. I’m proud to share that I have successfully completed the EXIN Information Security Foundation based on ISO/IEC 27001 (ISFS) certification. This achievement represents an important step in my continuous learning journey and my commitment to developing expertise in cybersecurity. I remain focused on growing my knowledge and applying these skills to protect sensitive information and contribute to secure, sustainable systems. 🔐

IEC SECURITY COMPROMISE I added this latest notification regarding a security compromise to my POPIA Awareness Training. Link to the YouTube video in the comments

It’s imperative to note and distinguish the requirements of unique standards as it pertains to management systems versus technicalities. If you read the first comment, it makes it known that needs analyses are just important as implementations of what “makes sense” for the software and assets that your company has. Nice post!

Unlock the full potential of your organization by attending our ISO 27001 training on Friday, 4th October 2024. This comprehensive session will equip your team with the expertise to implement and manage a robust Information Security Management System (ISMS), bringing numerous benefits to your company: 1.Enhanced Data Security: Protect sensitive information from breaches and cyber threats by adhering to international best practices. 2.Regulatory Compliance: Ensure your organization meets global regulatory requirements and avoid costly fines. 3.Client Trust & Confidence: Boost your reputation by demonstrating a strong commitment to safeguarding client data. 4.Operational Efficiency: Streamline processes, reduce risks, and minimize disruptions to your business. 5.Competitive Advantage: Gain a significant edge in the market by showcasing your dedication to information security. Don’t miss out on this opportunity to strengthen your company’s security posture. Register now and take the first step towards safeguarding your business and enhancing your brand’s credibility! Click the link below to register: https://lnkd.in/dcTNtyyc #iso #isostandards #informationsecuritymanagementsystem #informationsecurity #iso27001 #iso270012022

Did you know that ISO27001 doesn't require you to do annual pentesting? 👀 The compliance people amongst you are probably thinking "of course it doesn't, it just requires you to consider the control" but in fact it doesn't even do that... To my knowledge 27001 makes no mention at all of pentesting... All it says is that "Information about technical vulnerabilities of information systems in use shall be obtained, the organization’s exposure to such vulnerabilities shall be evaluated and appropriate measures shall be taken" - ISO 27001:2022 Annex A objective 8.8 Of course we can discuss what ISO27002 says or what a framework really is… But the point I'm trying to make here is that you are probably free to be a lot more creative and sophisticated with your security testing approach than you might realise.

I see where you're coming from, but I feel a bit differently. Penetration testing is really about identifying security gaps, so it’s not just about whether ISO27001 specifically requires it or not. The goal, ideally, should be to conduct these tests regardless, to understand the true security posture of your platforms, right? It’s also not just about whether it’s required yearly or not—organizations can choose to run these tests quarterly or even monthly. Ultimately, it depends on how a company prioritizes security and views the importance of staying proactive in addressing potential vulnerabilities.

On World Password Day, let's focus on the important role of strong, secure passwords in protecting personal and corporate data. As digital threats become increasingly sophisticated, it is crucial to have strong cybersecurity measures across all platforms.  Effective password management is a key defence against unauthorised access and cyber-attacks. ISO 27001 Awareness Training equips you with the knowledge and techniques necessary to enhance your data security measures, including essential aspects of password management. This training will develop your understanding of ISO 27001's requirements and the best practices for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). Learn more: https://lnkd.in/gkYCzeD2 #WorldPasswordDay #ISO27001 #CybersecurityAwareness

#30daysoflearningwithodinaka Day 8 Today, I completed the course I started yesterday " ISO/IEC 27001:2022 INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) FOUNDATION" The major things I learnt are: 👉🏾The core components of an ISMS, including policy, procedures, and continual improvement. 👉🏾The interconnectedness of ISO/IEC 27001, ISO/IEC 27002, and other industry standards. 👉🏾Practical approaches to implementing and managing an effective ISMS. 👉🏾ISO 27001 and its related frameworks like PCDA framework, ISO 27002, ISO 27005, NIST cybersecurity. I feel like I now have a grounded knowledge on ISO 27001 and I am excited to apply these learnings to enhance organizational security #ISO27001 #ISMS #Cybersecurity #GRC #InformationSecurity #LearningJourney #SkillUp #30DayChallenge