What actually is privilege escalation in IT applications?

Privilege escalation vulnerabilities in applications (usually referred to simply as privilege escalation) allow attackers, or even regular users, to access data, information or system functions for which they have no authorization. Attackers can take advantage of such gaps to, for example, manipulate or steal data without authorization. What are the types of […]
What exactly is examined during ISO 27001 certification?

What exactly is examined during ISO 27001 certification? There are many myths surrounding this question. Many believe that “IT security” is audited. Others think that compliance is put through its paces, in terms of information security. And still others think that a product or service is certified, and that organizations could show that after receiving […]
4 questions in preparation for your IT security audit

Many organisations trust that their own systems and applications “will be secure somehow”. Especially when third parties such as IT service providers or cloud services are involved, trust in IT security runs high. Our experience shows that it is often too high, because security gaps lurk here as well. These often arise from inadequate programming, carelessness during […]
The new ISO 27001:2022 is coming! What is new?

If we closely review the ISO 27001:2013 standard or the draft of the new ISO 27001:2022, we see that the terms penetration testing and vulnerability scanning are not explicitly mentioned, either as requirements or as measures. Yet ISO 27002 (the implementation guide for Annex A of ISO 27001) refers in a number of passages to penetration […]
Cloud is no panacea

One of the core competences of cloud service providers is securing their infrastructure from an IT security perspective. But what should be taken into account when using the cloud? The cloud has many advantages: for example, cloud users do not need to worry about the security of the underlying infrastructure. This is one of […]
“Internal Audit” vs Management Review: What’s the difference?

This question is often asked by novices who are dealing with ISO 27001 for the first time. What is an Internal Audit? An internal audit is a self-audit in which an expert auditor verifies three key points: 1. Are the requirements of the ISO 27001 standard (as amended) met? 2. Does the ISMS (information security […]
Regular IT security checks as an essential component of risk provisioning

Risk precautions are supposedly just as unwelcome as health precautions. But they are just as important! Various studies show that attacks on IT systems and applications are increasing significantly, and the consequences are financially devastating. At the beginning of the year, Michael Kroker set a record for the number of hacker attacks on organisations’ systems and information. […]
Information Security and/or IT Security?

The terms IT security and information security are often used synonymously; they point in a similar direction but mean different things. It is therefore worth taking a closer look to differentiate between them. Information security: “Information security” as an umbrella term covers the protection of all so-called information assets, including analog matters and communication. This […]
Information on 700,000 online shoppers unprotected on the web

Numerous details about people and their purchases, as well as other sensitive data, were accessible unprotected on the web for months, as Der Spiegel (German content) prominently reports on its website. A service provider had inadequately secured a technical interface. Even upon request, this IT security incident was not addressed until after it had been reported in […]
Vulnerability in Samba LDAP server – regular patching protects against negative effects

A serious vulnerability exists in the popular Samba server, which provides Windows file and print services in Linux environments. Linux systems should be updated as soon as possible, because the vulnerability, identified as CVE-2020-27840, is already being actively exploited. What is the status of your organization’s patch strategy? Are your organization’s processes designed to […]