Latest news with #ISMS

How to choose the right cybersecurity framework: A guide for mid-market companies

Business Journals

3 days ago

As cyber threats become more sophisticated and regulatory requirements more stringent, companies, especially mid-market ones, must take a proactive approach to security. Choosing the right cybersecurity framework is a critical step in protecting sensitive data, maintaining compliance and building trust with customers, investors and regulators. However, with so many frameworks available, each with different requirements and industry applications, determining the best fit can be challenging.

Understanding cybersecurity frameworks vs security standards

Cybersecurity frameworks:

  • Structured sets of best practices and methodologies for managing cybersecurity risks.
  • Help organizations build a structured approach to security, ensuring that policies, processes and technologies align with industry-recognized standards.

Security standards:

  • Define specific requirements that organizations must meet to achieve compliance.
  • Typically associated with audits, ensuring that an organization meets legal and contractual obligations.
  • Common security standards include HIPAA, PCI DSS and GDPR.

While standards ensure compliance with regulatory requirements, frameworks offer strategic guidance for building a resilient security posture. Choosing the right framework ensures a comprehensive approach to cybersecurity that not only satisfies legal requirements but also strengthens overall protection against evolving threats.

Key cybersecurity frameworks in 2025

Selecting the best framework depends on your industry, regulatory landscape and business operations.

NIST Cybersecurity Framework (CSF) 2.0

Developed by the National Institute of Standards and Technology (NIST), the NIST CSF 2.0 is a voluntary, risk-based cybersecurity framework that focuses on six core functions: govern, identify, protect, detect, respond and recover. It provides a variety of high-level cybersecurity outcomes that organizations can use to understand, assess, prioritize and communicate their cybersecurity efforts more effectively.

Best for: Organizations of any size or sector, particularly those looking for a flexible and risk-based approach to managing cybersecurity and aligning with industry standards.

ISO/IEC 27001

ISO/IEC 27001 is an internationally recognized standard for information security management. It provides a structured framework for implementing an Information Security Management System (ISMS), ensuring the confidentiality, integrity and availability of corporate data, including financial information, intellectual property, employee details and third-party managed data.

Best for: Organizations of any size or sector, especially those needing a comprehensive ISMS to ensure data protection and demonstrate compliance with international standards.

CIS Controls

Developed by the Center for Internet Security (CIS), CIS Controls are a structured and simplified set of best practices designed to help organizations strengthen their security posture.

Best for: Small to mid-market organizations seeking a simplified, actionable set of cybersecurity best practices to quickly strengthen their security posture with minimal resource investment.

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard developed by the U.S. Department of Defense (DoD) to ensure contractors and subcontractors meet specific cybersecurity practices when handling Controlled Unclassified Information (CUI). CMMC integrates various cybersecurity standards and best practices and assigns them across maturity levels, ranging from foundational to advanced.

Best for: Defense contractors and subcontractors in the DoD supply chain who must demonstrate compliance with strict cybersecurity requirements to be eligible for government contracts.

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization and continuous monitoring for cloud services used by federal agencies. It ensures that cloud providers meet strict federal security requirements before working with government entities.

Best for: Cloud service providers aiming to do business with U.S. federal agencies and needing to prove compliance with federal cybersecurity standards.

StateRAMP

Modeled after FedRAMP, StateRAMP offers a standardized approach to cybersecurity for state and local governments. It helps ensure that cloud service providers meet consistent security requirements when providing services to government agencies, promoting transparency, verification and trust.

Best for: Cloud vendors looking to work with state and local governments that require proven compliance with standardized cybersecurity benchmarks.

How to choose the right framework for your business

Assess your current security posture

Before selecting a new framework, conduct a comprehensive gap assessment to evaluate your institution's existing cybersecurity controls. Identify strengths, pinpoint vulnerabilities and determine where enhancements are needed to align with your chosen framework.

Understand your industry requirements

Certain frameworks are better suited for meeting industry-specific regulations. Understanding your industry's unique regulatory landscape will help you determine which security frameworks align with these requirements and which ones are most effective for addressing sector-specific risks.

Consider business goals and objectives

When selecting a security framework, it's important to align your choice with your company's broader business objectives. For example, with the FFIEC Cybersecurity Assessment Tool being phased out, financial institutions may consider adopting ISO 27001 to enhance their cybersecurity posture and build credibility with investors and regulators.

Additionally, if your organization is focused on streamlining compliance processes or reducing the burden of managing multiple audits, a consolidated compliance framework, combining assessments like NIST, ISO, PCI DSS, HITRUST and/or SOC 2, can help alleviate audit fatigue and ensure consistent, efficient compliance across various regulatory requirements.

Real-world example: For companies navigating a complex landscape of regulatory requirements, working with multiple providers testing the same controls can strain internal resources. Learn how FD's Consolidated Compliance Assessment Program helped a leading global payments technology company streamline compliance, exceed regulatory requirements and reduce audit redundancies. Read more here.

Engage key stakeholders

Cybersecurity is not just an IT concern; it requires collaboration across executive leadership, technology teams, risk and compliance professionals and internal audit. Engaging these stakeholders early ensures alignment on strategic priorities and regulatory expectations.

Monitor, validate and adapt

Cyber threats and regulatory expectations continue to evolve, making ongoing monitoring essential. Regularly measure progress against targeted cybersecurity maturity levels, reassess risk factors and adjust your strategy as needed. Internal audit should be involved in periodic reviews to validate compliance and readiness for regulatory examinations.

Next steps: Strengthening your security posture

Choosing the right security framework is more than just a compliance requirement; it's a strategic investment in your company's resilience, reputation and long-term success. As cyber threats grow more sophisticated and regulatory landscapes shift, companies must take a proactive approach to security. By assessing your current security posture, aligning with industry requirements and considering business goals, you can implement a framework that not only meets compliance standards but also strengthens your overall cybersecurity strategy.

Navigating these complexities can be challenging, but you don't have to do it alone. Frazier & Deeter's experts are here to help you evaluate your options, implement the right framework and build a security posture that protects your business now and in the future. Contact us to get started.

Frazier & Deeter (FD) is comprised of Frazier & Deeter, LLC, a US licensed CPA firm that provides attest services to its clients, and Frazier & Deeter Advisory, LLC, an alternative practice structure that provides tax and advisory services to clients worldwide. Learn more at

How ISO 27001 Boosts Cybersecurity in Qatar

Time Business News

6 days ago

In today's digital era, businesses in Qatar face increasing threats from cyberattacks, data breaches, and information theft. As the nation advances toward a knowledge-based economy under Qatar National Vision 2030, the protection of sensitive information has become critical—not just for IT firms but for every organization handling data. One proven solution, therefore, is ISO 27001 certification.

ISO 27001 is the international standard for Information Security Management Systems (ISMS). It provides a structured framework that helps organizations assess risks, implement controls, and continuously improve their information security posture. Whether it's customer data, intellectual property, financial information, or employee records, ISO 27001 ensures your systems are secure, confidential, and resilient.

Qatar's rapid digital transformation, boosted by smart city initiatives, cloud computing, e-government services, and data-driven industries, has exposed organizations to more sophisticated cyber threats. From oil and gas companies to banks, hospitals, and logistics firms, data breaches can cause financial loss, regulatory penalties, and reputation damage. Moreover, the Qatar National Cyber Security Strategy emphasizes the need for strong cybersecurity governance across both public and private sectors. Therefore, ISO 27001 certification aligns perfectly with these goals by helping businesses secure their digital infrastructure.

To begin with, ISO 27001 starts with identifying your organization's unique information security risks. It forces businesses to think beyond generic firewalls and anti-virus tools and assess vulnerabilities across people, processes, and technologies.

Next, the standard includes a comprehensive set of 114 controls covering access control, cryptography, physical security, operations security, and more. These controls ensure that threats are minimized and sensitive information is only accessible to authorized individuals.

In addition, ISO 27001 helps organizations in Qatar comply with local laws such as Law No. 13 of 2016 (the Personal Data Privacy Protection Law) and sector-specific regulations. Compliance reduces the risk of fines and builds trust with customers and stakeholders.

Furthermore, with ISO 27001, companies establish formal incident response procedures, ensuring that cyberattacks and breaches are detected, contained, and resolved efficiently—minimizing downtime and damage.

Finally, through internal audits, management reviews, and regular updates, ISO 27001 promotes continuous improvement of cybersecurity defenses. This adaptive approach keeps your systems resilient to evolving threats.

Having ISO 27001 certification is also a badge of trust and professionalism. It clearly differentiates your business in tenders, especially in government or enterprise contracts. Notably, many large companies in Qatar now require their vendors and partners to be ISO 27001 certified, making it a gateway to new business opportunities.

To sum up, cyber threats are no longer an IT problem—they're a business risk. ISO 27001 certification in Qatar provides businesses with a globally recognized, systematic approach to managing and securing information assets. By implementing its controls, companies across various sectors can protect their data, meet compliance requirements, build customer confidence, and align with Qatar's digital transformation goals.

Abaxx Singapore Achieves ISO/IEC 27001:2022 Certification for Information Security Management

Yahoo

23-05-2025

TORONTO, May 23, 2025 (GLOBE NEWSWIRE) -- Abaxx Technologies Inc. (CBOE:ABXX)(OTCQX:ABXXF) ('Abaxx' or the 'Company'), a financial software and market infrastructure company, majority shareholder of Abaxx Singapore Pte. Ltd. ('Abaxx Singapore'), the owner of Abaxx Commodity Exchange and Clearinghouse (individually, 'Abaxx Exchange' and 'Abaxx Clearing'), and producer of the SmarterMarkets™ Podcast, today announced that Abaxx Singapore has achieved ISO/IEC 27001:2022 certification for its Information Security Management System (ISMS).

The certification confirms that Abaxx Singapore's exchange and clearing infrastructure meets internationally recognized standards for securing data, managing risk, and supporting operational resilience. The certification was awarded by Prescient Security, an independent global cybersecurity firm specializing in information security audits, compliance assessments, and penetration testing.

ISO/IEC 27001:2022 is the global standard for information security management systems (ISMS), providing a framework for managing data security risks across people, processes, and technology. It is jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

As part of the certification process, Abaxx Singapore underwent a comprehensive audit of its IT systems, risk management protocols, and governance controls. The review confirmed alignment with global best practices for establishing, maintaining, and continually improving information security management frameworks.

'Achieving ISO/IEC 27001:2022 certification demonstrates that our exchange and clearing infrastructure aligns with the highest global standards for information security,' said Nancy Seah, CEO of Abaxx Exchange. 'For market participants, it provides assurance that the systems supporting trade execution, clearing, and data protection are built on a secure and resilient foundation. It also supports onboarding and ongoing operations with global institutions that require independently audited controls for risk, compliance, and business continuity.'

About Abaxx Technologies

Abaxx Technologies is building Smarter Markets: markets empowered by better tools, better benchmarks, and better technology to drive market-based solutions to the biggest challenges we face as a society, including the energy transition. In addition to developing and deploying financial technologies that make communication, trade, and transactions easier and more secure, Abaxx is the indirect majority shareholder of Abaxx Singapore Pte. Ltd., the owner of Abaxx Exchange and Abaxx Clearing, and the parent company of wholly owned subsidiary Abaxx Spot Pte. Ltd., the operator of Abaxx Spot.

Abaxx Exchange delivers the market infrastructure critical to the shift toward an electrified, low-carbon economy through centrally-cleared, physically-deliverable futures contracts in LNG, carbon, battery materials, and precious metals, meeting the commercial needs of today's commodity markets and establishing the next generation of global benchmarks.

For more information, visit

For more information about this press release, please contact:
Steve Fray, CFO
Tel: +1 647 490 1590

Media and Investor inquiries:
Abaxx Technologies Relations Team
Tel: +1 647 490 1590
E-mail: ir@

Cautionary Statement Regarding Forward-Looking Information

This press release includes certain 'forward-looking statements' which do not consist of historical facts. Forward-looking statements include estimates and statements that describe Abaxx's future plans, objectives, or goals, including words to the effect that Abaxx expects a stated condition or result to occur. Forward-looking statements may be identified by such terms as 'seeking', 'should', 'intend', 'predict', 'potential', 'believes', 'anticipates', 'expects', 'estimates', 'may', 'could', 'would', 'will', 'continue', 'plan' or the negative of these terms and similar expressions. Since forward-looking statements are based on current expectations and assumptions and address future events and conditions, by their very nature they involve inherent risks and uncertainties. Although these statements are based on information currently available to Abaxx, Abaxx does not provide any assurance that actual results will meet respective management expectations. Risks, uncertainties, assumptions, and other factors involved with forward-looking information could cause actual events, results, performance, prospects, and opportunities to differ materially from those expressed or implied by such forward-looking information.

Forward-looking information related to Abaxx in this press release includes, but is not limited to: Abaxx's objectives, goals or future plans; focus on risk management; and development of secure infrastructure. Such factors impacting forward-looking information include, among others: risks relating to the global economic climate; dilution; Abaxx's limited operating history; future capital needs and uncertainty of additional financing; the competitive nature of the industry; currency exchange risks; the need for Abaxx to manage its planned growth and expansion; the effects of product development and need for continued technology change; protection of proprietary rights; the effect of government regulation and compliance on Abaxx and the industry; acquiring and maintaining regulatory approvals for Abaxx's products and operations; the ability to list Abaxx's securities on stock exchanges in a timely fashion or at all; network security risks; the ability of Abaxx to maintain properly working systems; reliance on key personnel; global economic and financial market deterioration impeding access to capital or increasing the cost of capital; and volatile securities markets impacting security pricing unrelated to operating performance.

In addition, particular factors which could impact future results of the business of Abaxx include but are not limited to: operations in foreign jurisdictions; protection of intellectual property rights; contractual risk; third-party risk; clearinghouse risk; malicious actor risks; third-party software license risk; system failure risk; risk of technological change; dependence of technical infrastructure; changes in the price of commodities; capital market conditions; and restriction on labor and international travel and supply chains in addition to the risk factors identified in the Company's most recent management discussion and analysis filed on SEDAR+.

Abaxx has also assumed that no significant events occur outside of Abaxx's normal course of business. Abaxx cautions that the foregoing list of material factors is not exhaustive. In addition, although Abaxx has attempted to identify important factors that could cause actual results to differ materially, there may be other factors that cause results not to be as anticipated, estimated, or intended. When relying on forward-looking statements and information to make decisions, investors and others should carefully consider the foregoing factors and other uncertainties and potential events. Abaxx has assumed that the material factors referred to in the previous paragraphs will not cause such forward-looking statements and information to differ materially from actual results or events. However, the list of these factors is not exhaustive and is subject to change and there can be no assurance that such assumptions will reflect the actual outcome of such items or factors.

The forward-looking statements and information contained in this press release represents the expectations of Abaxx as of the date of this press release and, accordingly, is subject to change after such date. Abaxx undertakes no obligation to update or revise any forward-looking statements and information, whether as a result of new information, future events or otherwise, except as required by law. Accordingly, readers are cautioned not to place undue reliance on these forward-looking statements and information.

Cboe Canada does not accept responsibility for the adequacy or accuracy of this press release.

KuCoin Achieves ISO 27001:2022 Certification, Strengthening Commitment to Security Through $2B Trust Project

Cision Canada

13-05-2025

Summary

  • KuCoin has been awarded the ISO 27001:2022 certification, the Gold Standard of Compliance for Information Security Management System (ISMS), affirming its dedication to safeguarding user assets and data.
  • The certification reinforces KuCoin's $2 billion Trust Project, a long-term initiative to enhance transparency, security, compliance, and responsible innovation across the Web3 industry.
  • KuCoin remains committed to continuous improvement, ensuring a secure and trusted trading environment for its global community of over 40 million users.

VICTORIA, Seychelles, May 13, 2025 /CNW/ -- KuCoin, a leading global cryptocurrency exchange, proudly announces that it has been awarded the ISO 27001:2022 certification, an internationally recognized Information Security Management Systems standard. This milestone underscores KuCoin's commitment to the highest information security standards and marks a critical achievement in its $2 billion Trust Project, launched in April 2025 at TOKEN2049 Dubai.

A Benchmark in Information Security

ISO 27001:2022 is a globally recognized information security standard covering organizational management, cybersecurity, application security, endpoint security, encryption, vulnerability management, access control, and other aspects. This certification strengthens our protection of user assets and data, enhancing platform security and reliability. We are committed to continuous improvement, ensuring a secure and trusted trading environment. A rigorous third-party audit confirmed KuCoin's adherence to the highest global standards, reinforcing user confidence in our robust security practices.

A Core Component of the $2 Billion Trust Project

KuCoin's $2 billion Trust Project aims to enhance transparency, security, and compliance in Web3. The ISO 27001:2022 certification is a key milestone, reflecting KuCoin's focus on user protection and compliance.

"Security and trust are paramount," said BC Wong, CEO of KuCoin. "This certification, as part of our Trust Project, underscores our commitment to a reliable platform."

The Trust Project also bolsters the KCS (KuCoin Token) ecosystem, enhancing user incentives and utility to align value with KuCoin's 40 million users.

Security and Compliance: Pillars of KuCoin's Vision

KuCoin's security team, led by industry veterans, employs cutting-edge technologies and protocols to safeguard the platform infrastructure. The ISO 27001:2022 framework institutionalizes these efforts, ensuring systematic risk assessments, continuous monitoring, and rapid incident response capabilities.

The exchange's data protection practices exceed regulatory requirements across jurisdictions. By integrating ISO 27001:2022, KuCoin reinforces its commitment to a compliance-first approach, aligning with the Trust Project's focus on legal adherence and cross-border cooperation.

Future Commitment: Continuous Improvement and Expanding Trust

KuCoin will uphold its ISO 27001:2022 certification and pursue additional certifications to strengthen global operations. The $2 billion Trust Project drives investment in advanced security, regulatory collaboration, and user education to set industry benchmarks. Serving over 40 million users in 200+ countries, KuCoin leads the way to a secure, transparent Web3 future.

About KuCoin

Founded in 2017, KuCoin is one of the pioneering and most globally recognized technology platforms supporting digital economies, built on a robust foundation of cutting-edge blockchain infrastructure, liquidity solutions, and an exceptional user experience. With a connected user base exceeding 40 million worldwide, KuCoin offers comprehensive digital asset solutions across wallets, trading, wealth management, payments, research, ventures, and AI-powered bots. KuCoin has garnered accolades such as "Best Crypto Apps & Exchanges" by Forbes and has been recognized among the "Top 50 Global Unicorns" by Hurun in 2024. These recognitions reflect its commitment to user-centric principles and core values, which include integrity, accountability, collaboration, and a relentless pursuit of excellence.

Learn more:

Makkah Public Security Awarded ISO Certifications for Surveillance, Information Security

Leaders

09-05-2025

The General Directorate of Communications Systems at the Public Security in Makkah has received two international ISO certifications from the Saudi Accreditation Center (SAAC) for its CCTV and electronic surveillance systems. These certifications validate the department's adherence to the standards of the Information Security Management System, underscoring its commitment to maintaining robust security practices. This accomplishment adds to the growing list of successes by the Public Security Departments, which have previously earned multiple ISO accreditations across various disciplines—demonstrating their ongoing dedication to excellence in quality and information security.
