Nameshield renews its ISO 27001 certification


Nameshield Group is an expert in domain names, DNS and TLS/SSL certificate management.

Through our experience gained from world-renowned customers with ever-increasing security requirements, we have also become technical experts in Information security. That is why we have implemented an Information Security Management System (ISMS).

In 2017, we obtained ISO 27001 certification of this ISMS for our domain name portfolio, DNS and TLS/SSL certificate management activities. Nameshield Group has thus become the sole French registrar ensuring such a level of security for its customers.

Since then, our employees involved in the ISMS continuously contribute to the constant improvement of our security arrangements.

Risk analysis and risk treatment, carried out according to the EBIOS method, address our security goals and those of our clients.

We continually adapt to security, performance and sustainability needs. This results in the deployment of more secure products and services, with higher added value, that better meet our clients’ expectations.

We know how to mobilize in case of incidents, and we learn to always do better by analyzing the handling of each alert.

We have and control a business continuity plan. Therefore, we are able to carry out our activities remotely (backup site, telecommuting, redundant servers…), whatever the threats.

Information security is the DNA of Nameshield Group and all its employees.

Logically, our ISO 27001 certificate was renewed for 3 years last February, with no non-compliance or comments notified.

This international recognition assures you of:

  • An availability rate (domain name management platform and DNS Premium)
  • The implementation of tests allowing us to continually review ourselves and anticipate incidents
  • Awareness raising among all Nameshield employees on all aspects of information security
  • The reliability and performance of our system
  • The study of feedback from our experience to continuously improve our security and thus yours

The continuation of the Equifax case or how the controls implemented in the context of an ISMS (ISO 27001) can help to prevent security incidents?


On October 3rd, 2017, Equifax’s ex-CEO, Rick Smith, had to explain to the American Congress how the private data of almost one out of two Americans could be hacked.

Let us briefly recall the chronology of events (for more information, we invite you to read Adriana Lecerf’s complete article):

  • March 9th, 2017: An Apache Struts flaw is detected. Less than a week later, the security patch is validated and planned, but it is not applied to all the servers.
  • March 15th, 2017: a scan is carried out but no vulnerability is detected.
  • April 2017: Hackers take advantage of this breach (the security patch which was not applied on all the servers) and steal the precious data.
  • July 31st, 2017: The ex-CEO is informed of the information theft.
  • September 8th, 2017: Official communication on the hacking.

How can the ISO 27001 certification and the establishment of an associated ISMS (Information Security Management System) help to prevent this kind of incident?

The ISO 27001 standard is the reference for the validation and constant improvement of an ISMS. It relies on 114 control points which cover all the domains involved in establishing an ISMS, including the implementation of procedures and platform update processes.

That includes the implementation and regular control of the risk management process aimed at ensuring data security. The main purpose of this management system is to carry out the appropriate measures in order to reduce, or even eliminate, the impact of threats on users or customers.

The ISMS is a wheel of constant improvement, and in the case of Equifax, the control processes established and tracked with an ISMS could possibly have helped to prevent this kind of incident.

This case once again demonstrates the need to rethink the security strategy within companies and to implement the necessary protocols to ensure that possible security flaws are discovered and the corrective action is applied.
