Tag Archives: ISO 27001

EURid granted its ISO/IEC 27001 recertification

[news release] In response to its continual pursuit to provide secure, high-quality and trustworthy services to accredited registrars and the general public, EURid has been granted its ISO/IEC 27001 recertification following an audit by BSI, the British Standards Institution.

ISO/IEC 27001 provides requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS) in the framework of general company risks. It includes people, processes and IT systems by applying a risk management process.

ISO/IEC 27001 is an internationally accepted and recognised standard for managing information security risks and is therefore in line with EURid’s main philosophy of establishing online trust. In an interview with ECO International, Marc Van Wesemael, EURid’s General Manager, states that “The Internet is evolving towards a more trustworthy space”, adding that “developing a trustworthy online space is one of the main tasks that EURid has taken on”. To do this, EURid stands by the ISO/IEC 27001 standard and conducts many actions to enhance security and trust such as monitoring the validity of registrations and predicting whether or not a desired domain name will be used in an abusive situation.

The full interview can be found at https://international.eco.de/2016/news/an-evolution-towards-more-trust-on-the-internet.html.

Learn more about ISO/IEC 27001 at www.iso.org/iso/iso27001.

This EURid news release was sourced from:
https://eurid.eu/en/news/eurid-granted-its-iso-iec-27001-recertification/

SWITCH, With DENIC and nic.at, Wins CENTR Security Award

SWITCH and its counterparts in Austria (nic.at) and Germany (denic) have been rewarded for their joint efforts to protect the Domain Name System. They have won the Security Award from the Council of European National Top Level Domain Registries (CENTR).

[news release] The Austrian, German and Swiss registries joined forces to improve their processes for protecting the Domain Name System (DNS). SWITCH, nic.at and denic have won the CENTR Award in the category Security for this new form of collaboration. The award is for innovative projects and cooperations in the field of top-level domain registries. Urs Eppenberger, Head of Commercial Customers at SWITCH, is delighted by this honour: “SWITCH endeavours to make the Internet safe in Switzerland. The award from CENTR vindicates these efforts and shows that we are on the right track.”

Improved processes thanks to collaboration with German and Austrian registries

SWITCH had the information security management system (ISMS) for the DNS certified according to ISO 27001 just over a year ago. This is the global standard for ISMSs. The .ch registry is among the first in Europe to be certified. In order to meet the high standards required for ISO certification, SWITCH must continually review and optimise its own security processes. It made the decision to share the tasks of internal auditing under the ISO standard and assessing compliance with the registries in Austria and Germany. SWITCH, nic.at and denic thus meet three times a year to check each other’s security processes and draft recommendations for greater security.

Continual optimisation of security levels

The Domain Name System (DNS) is a critical infrastructure. It links Internet addresses with the servers hosting the associated websites. Should it be hacked or fail to work for any other reason, many areas of day-to-day life in Switzerland would practically grind to a halt. Payment transactions and large parts of the public transport network are just two examples that would be hit hard by a breakdown. SWITCH works to protect the DNS against downtime and continually optimise its security. Its efforts regarding security are bearing fruit: .ch domains are among the most secure throughout the world.

Explanation of terms

Registry

A registry is an organisation that centrally administers the operation of a country’s Domain Name System (DNS). In particular, it is in charge of registering the country’s domain names. Examples include nic.at in Austria and denic.de in Germany. SWITCH is contracted by OFCOM in Switzerland to register domain names ending in .ch and by the Office for Communications in the Principality of Liechtenstein to register domain names ending in .li.

This SWITCH news release was sourced from:
http://www.switch.ch/news/centr-security-award/

Germany Registry DENIC Attains ISO 27001 Certification

DENIC, the .de registry operator, has had its information and security management system (ISMS) certified in accordance with the provisions of the ISO/IEC 27001:2013 standard under a full-scope audit by the German certification body TÜV Nord.

The main focus of ISO 27001 is to establish, implement, maintain and continually improve an information security management system. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of an organisation.

Its importance was addressed in an article earlier this year that asked “how much does it cost to get?” by Jos van Schaik, a founding partner at CumulusTrust. In his article he said he likes to reply with a question: “how much does it cost when you don’t have it?”

“The answer to the first question is easy”, writes van Schaik, “but the answer to the second one is more complicated. As a financial I am interested in the business case. If the cost of not having an ISO 27001 certification is higher than the cost of getting and maintaining one, you can actually make a profitable investment by getting certified.”

The certification was attained on 10 October 2014 when DENIC had its information and security management system (ISMS) certified in accordance with the provisions of the ISO/IEC 27001:2013 standard under a full-scope audit by the German certification body TÜV Nord. Covered by the audit were all the tasks, infrastructures and processes that are required to provide DENIC’s services of domain registration, name resolution and lookup services as well as its infrastructure services for operators of other name spaces.

“At DENIC, information security has always been of paramount importance and an integral part of all business processes. The certification according to the internationally recognized ISO/IEC 27001:2013 standard underscores the high-level implementation of our ISMS, which the auditors said to stand out by a large number of ‘good practices’,” says DENIC CEO Dr. Jörg Schweiger.

“The regular follow-up monitoring audits will assure ourselves, the members of our Cooperative and the Internet community that our business processes and our information security will consistently meet the high requirements of the ISO standard,” adds Chief Information Security Officer Boban Krsic, who has established the Information Security Management System at DENIC and brought it to certification readiness, together with his team.

The audit was successfully completed on 10 October 2014. Next to a systematic holistic approach for controlling security-related processes across the organization, TÜV Nord attests DENIC full transparency and traceability of its processes as well as an information security risk management that is in compliance with the requirements of the ISO/IEC 27001:2013 standard.

NIC.AT Gets ISO Certification. But What Is It And What Does It Mean?

It took one year of monitoring and optimising business processes, but nic.at has now officially received the ISO 27001 certificate.

Auditors of the certification body CIS confirmed the application and further development of an effective Information Security Management System complying with ISO 27001:2013. Additionally, the nic.at subsidiary IPCom and the sister company TLD-Box were certified.

“We at nic.at are constantly aware of our responsibility regarding .at and the other ccTLDs and gTLDs we are operating,” says Christian Proschinger, Chief Information Security Officer at nic.at. “Going through the certification process allowed us to question and thus optimise our information security management system. We are very happy to have taken this step successfully and we will keep improving in the future.”

But what is ISO 27001? Its main focus is to establish, implement, maintain and continually improve an information security management system. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of an organisation.

Its importance was also addressed in a recent article. “How much does it cost to get it?” is a question Jos van Schaik, a founding partner at CumulusTrust, is often asked. In his article he says he likes to reply with a question: “how much does it cost when you don’t have it?”

“The answer to the first question is easy”, writes van Schaik, “but the answer to the second one is more complicated. As a financial I am interested in the business case. If the cost of not having an ISO 27001 certification is higher than the cost of getting and maintaining one, you can actually make a profitable investment by getting certified.”

Van Schaik looks at a few of the cost components of not having the ISO 27001 certificate – opportunity cost; lost customers (churn); trust and transparency: lost opportunity for a competitive advantage; risk of data loss, breach of privacy or confidentiality, and outages; and finally the business case. In conclusion, after looking at the cost components, Van Schaik writes: “can you afford the cost of NOT having an ISO 27001 certification?”

The full article by Jos van Schaik, founding partner at CumulusTrust, is available on the CumulusTrust website at cumulustrust.com/cost-iso-27001-certification.