DNS Governance in 2026: Audit-Ready Registrar Controls
At 07:42 on a Monday morning, the CISO of a fintech scale-up receives the message nobody wants to see. Customers cannot access the payment portal, the helpdesk is flooded, email is failing, and the SOC has found no malware, no firewall outage, no cloud provider incident.
The root cause is quieter and more embarrassing. A registrar account was accessed using a stale admin credential shared by several former IT staff. The attacker changed authoritative name servers, modified MX records, disabled DNSSEC, and redirected traffic long enough to harvest credentials and disrupt partner APIs. The payment portal was not hacked in the traditional sense. The company’s trust anchor, its domain, was.
By 09:30, the operational crisis has become a compliance crisis. The board asks whether registry lock was enabled. Legal asks whether personal data was exposed. The DPO asks whether this is a GDPR personal data breach. The regulator wants to know whether a critical or important function was affected. A customer auditor asks for the change ticket approving the DNS modification.
The answer, in too many organizations, is a spreadsheet, a shared mailbox, and a registrar console nobody has reviewed in six months.
DNS and domain registrar governance in 2026 is no longer a niche infrastructure topic. It is part of ransomware resilience, phishing prevention, cloud availability, supplier risk management, incident response, business continuity and evidence-based compliance. If your domain can be hijacked, your SaaS platform can disappear. If your DNS records can be altered without approval, your email security, SSO, TLS certificates, API endpoints and customer trust can be undermined in minutes.
Why DNS and Registrar Governance Belongs in the ISMS
A domain name is not just a brand asset. It is a logical asset, an authentication dependency, a routing dependency and often a supplier-managed service. It connects identity providers, email authentication, TLS certificate validation, cloud endpoints, customer portals, APIs, CDN services, monitoring probes and incident communications.
Clarysec’s Asset Management Policy - SME Asset Management Policy - SME makes this explicit in its scope:
Digital credentials and services: domain names, digital certificates, API keys, email accounts, cloud logins
From section “Scope”, policy clause 2.2.4.
The same policy requires more than listing the domain name:
Ownership, purpose, access privileges, and renewal timelines must be documented.
From section “Policy Implementation Requirements”, policy clause 6.6.2.
For enterprise environments, Clarysec’s Asset Management Policy Asset Management Policy also includes logical assets in scope:
Logical assets: domain names, licenses, user accounts, configuration baselines
From section “Scope”, policy clause 2.2.5.
That is the governance starting point. A DNS and registrar inventory should document:
- Domain name, registry, registrar, DNS hosting provider and authoritative name servers
- Business owner, technical owner, security owner and emergency approver
- Purpose, such as production portal, API, email, SSO, marketing, test environment or defensive registration
- Criticality rating and dependency mapping to business services
- DNSSEC status, DS record status, key ownership and key rollover process
- Registry lock and registrar lock status
- MFA and privileged access model for registrar and DNS provider accounts
- Renewal date, auto-renewal status, payment owner and expiration alerting
- Change control requirements for zone edits and delegation changes
- Logging, alerting, monitoring and evidence retention
This is why domain governance should appear in the ISO/IEC 27001:2022 ISMS scope and risk assessment. ISO/IEC 27001:2022 requires organizations to determine context, interested-party requirements, legal and contractual obligations, interfaces and dependencies with external organizations. DNS depends on registrars, registries, DNS hosting providers, cloud providers, certificate authorities, MSPs and sometimes marketing agencies. If those interfaces are excluded from the ISMS, the audit trail will be incomplete.
The 2026 DNS Threat Model
The most damaging DNS failures are often simple:
- A domain expires because renewal ownership was unclear.
- A former agency still has access to a registrar account.
- DNSSEC is enabled, but DS records are wrong after a DNS provider migration.
- A wildcard record points traffic to an abandoned cloud service.
- A TXT record is changed to validate an attacker-controlled SaaS tenant or certificate request.
- MX records are modified during a phishing or email interception campaign.
- A CNAME to a third-party platform becomes vulnerable to takeover.
- Registry lock exists for the primary domain, but not for customer-facing country-code domains.
- The SOC monitors endpoints, but nobody monitors zone file changes.
The technical safeguards are well understood. DNSSEC helps protect DNS data integrity and origin authentication. Registry lock makes high-risk registry-level changes require additional out-of-band verification. Registrar lock reduces unauthorized transfer risk. MFA and privileged access reviews reduce account takeover likelihood. Change control prevents accidental disruption. Monitoring detects unauthorized or unexpected changes.
The compliance challenge is different: can you prove these safeguards exist, are owned, are reviewed and work during an incident?
That evidence question is where many organizations fail.
Mapping DNS Governance to ISO/IEC 27001:2022 and ISO/IEC 27002:2022
ISO/IEC 27001:2022 provides the management system structure for turning DNS controls into repeatable, auditable processes. ISO/IEC 27001:2022 Annex A and ISO/IEC 27002:2022 control guidance give the control language auditors expect.
| DNS governance area | ISO/IEC 27001:2022 Annex A and ISO/IEC 27002:2022 evidence theme | What auditors expect to see |
|---|---|---|
| Domain inventory | 5.9 Inventory of information and other associated assets | Domain register with owners, criticality, renewal dates, DNS provider, registrar and dependencies |
| Registrar access | 5.15 Access control, 5.16 Identity management, 5.18 Access rights, 8.5 Secure authentication | Named users, MFA evidence, approval records, periodic access reviews and emergency access process |
| DNSSEC | 8.24 Use of cryptography | DNSSEC status, DS records, key custody, rollover plan and validation monitoring |
| Registry and registrar lock | 5.15 Access control, 8.20 Network security, 8.21 Security of network services, 8.32 Change management | Lock status, unlock procedure, authorized contacts and out-of-band verification process |
| Zone change control | 8.9 Configuration management, 8.32 Change management | Change tickets, risk assessment, approvals, implementation evidence and rollback plan |
| DNS provider governance | 5.19 Information security in supplier relationships, 5.20 Addressing information security within supplier agreements, 5.22 Monitoring, review and change management of supplier services | Contract clauses, SLA, security responsibilities, service reviews and incident notification expectations |
| DNS logging and monitoring | 8.15 Logging, 8.16 Monitoring activities | Logs, alerts, SIEM ingestion, retention and alert test evidence |
| DNS outage response | 5.24 Information security incident management planning and preparation, 5.29 Information security during disruption, 5.30 ICT readiness for business continuity | Runbooks, escalation list, recovery procedures and post-incident lessons learned |
Clarysec’s Zenith Blueprint: An Auditor’s 30-Step Roadmap Zenith Blueprint treats network services as explicit audit objects. In the Controls in Action phase, Step 20, it instructs teams to validate network service security:
List out all internal and external network services (DNS, VPN, SMTP, DHCP, API gateways, etc.).
✓ For each, confirm that they use secure protocols (e.g., DNSSEC, TLS 1.2+, SSH instead of Telnet). ✓ Review how access to each service is controlled (e.g., IP whitelists, authentication, certificates). ✓ If managed by third parties (e.g., DNS, SD-WAN, hosted VPN), review the security clauses in the SLA or vendor contract. Update your Service Registry and note where security responsibilities lie, internal or external.
From the Controls in Action phase, Step 20: Controls 8.18 to 8.26.
That gives a practical audit route: treat DNS as an external network service, document how it is secured, and record whether responsibility sits internally, with a registrar, with a DNS provider or with an MSP.
Clarysec’s Zenith Controls: The Cross-Compliance Guide Zenith Controls is useful because DNS governance rarely maps to one framework only. The same DNSSEC or registry lock decision supports ISO/IEC 27001:2022, NIS2, DORA, GDPR, NIST CSF 2.0 and COBIT 2019 evidence.
For supplier monitoring, Zenith Controls maps ISO/IEC 27002:2022 control 5.22, Monitoring, review and change management of supplier services, as a preventive control supporting confidentiality, integrity and availability. For DNS, that means your registrar and DNS provider are not set-and-forget vendors. Their security posture, service changes, outages, sub-processors and notification practices must be reviewed.
For DNSSEC and cryptographic integrity, Zenith Controls maps ISO/IEC 27002:2022 control 8.24, Use of Cryptography, as a preventive control aligned to secure configuration. DNSSEC is not encryption of DNS traffic, but it is cryptographic assurance for DNS data integrity and origin authentication.
For DNS zone edits, Zenith Controls maps ISO/IEC 27002:2022 control 8.32, Change Management, as a preventive control supporting confidentiality, integrity and availability. A DNS change is a configuration change. A DS record update, MX record change, CNAME migration, SPF or DMARC update, CDN cutover or name server delegation change should have a ticket, risk assessment, approval, test result and rollback plan.
DNSSEC, Registry Lock and Key Management for Critical Domains
Not every domain has the same risk. A defensive domain used only to prevent impersonation may need monitoring and renewal discipline. A primary customer portal domain requires the strongest controls available.
For critical domains, Clarysec typically recommends this baseline:
- DNSSEC enabled and validated where supported by the registry, registrar and DNS provider
- DS records reviewed after any DNS provider migration
- Documented KSK and ZSK rollover process, where keys are customer-managed
- Registry lock enabled for primary production, identity, API, payment and email domains
- Registrar lock enabled for all domains unless a temporary exception is documented
- MFA enforced for all registrar and DNS provider users
- Privileged users restricted, named, approved and reviewed
- Break-glass access documented and tested
- Zone file monitoring with alerts on NS, DS, DNSKEY, MX, TXT, A, AAAA, CNAME, CAA and wildcard changes
- External monitoring from multiple resolvers and regions
- Evidence retained in the ISMS repository
Clarysec’s enterprise Cryptographic Controls Policy Cryptographic Controls Policy provides the governance hook for DNSSEC keys:
A centralized Key Management Register must be maintained to record all cryptographic keys, their lifecycle status, assigned custodians, and usage contexts.
From section “Governance Requirements”, policy clause 5.2.
If your organization manages DNSSEC keys directly, or controls DS publication at the registrar, the Key Management Register should document custodianship, lifecycle state, rollover dates and approval authority. If the DNS provider manages DNSSEC keys, the supplier record should explain that responsibility and include assurance evidence.
Registrar Access Governance: MFA, Least Privilege and Emergency Control
Registrar accounts are often created early in a company’s life, then forgotten as the company matures. Founders, agencies, developers, finance users and MSPs may all have historical access. This is a serious control weakness.
Clarysec’s User Account and Privilege Management Policy - SME User Account and Privilege Management Policy - SME states:
Elevated or administrative privileges require additional approval by the General Manager or IT Lead and must be documented, time-bound, and subject to periodic review.
From section “Policy Implementation Requirements”, policy clause 6.2.2.
Apply this literally to registrar and DNS provider access:
- No shared registrar administrator accounts
- MFA for every user, preferably phishing-resistant where supported
- Named emergency contacts with documented authority
- Separation of billing users from technical administrators where possible
- Immediate removal of former employees, agencies and vendors
- Quarterly privileged access review for critical domains
- Exceptions recorded with expiry dates
- Tested emergency unlock and recovery procedures that do not create unsafe production changes
Registry lock evidence should include screenshots or registrar attestations showing enabled status, authorized contacts, unlock process and last review date.
Zone Change Control: Small DNS Edits, Large Business Impact
DNS changes are deceptively small. A TXT record can validate ownership of a SaaS platform. A CNAME can redirect customers to a new environment. An MX record can reroute mail. A CAA record can influence certificate issuance. A wrong DS record can make a signed domain fail validation.
Clarysec’s Change Management Policy - SME Change Management Policy - SME states:
All changes must be submitted as a Change Request (e-mail, form, or helpdesk ticket).
From section “Governance Requirements”, policy clause 5.1.1.
For enterprise clients, Clarysec’s Change Management Policy Change Management Policy raises the evidence expectation:
All change requests, reviews, approvals, and supporting evidence must be recorded in the centralized Change Management System.
From section “Policy Implementation Requirements”, policy clause 6.1.1.
The Zenith Blueprint reinforces this in the Controls in Action phase, Step 21:
Pick 2–3 recent system or configuration changes and check whether they were processed via your formal change management workflow.
✓ Were risks assessed? ✓ Were approvals documented? ✓ Was a rollback plan included?
Validate that the changes were implemented as planned and that any incidents or unexpected impacts were recorded. Review logs, version control diffs, or audit trails from tools like ServiceNow, Jira, or Git. Capture this process in a Change Record Summary Log for audit reference.
From the Controls in Action phase, Step 21: Controls 8.27 to 8.34.
A DNS-specific change ticket should include the domain and zone affected, record type, before and after values, business reason, risk assessment, implementation window, approver, implementer, verifier, DNS propagation checks, DNSSEC validation, rollback plan, post-change monitoring and exported evidence.
The audit principle is simple: DNS changes must be traceable from request to approval to implementation to verification.
Monitoring and Logging: Detect the DNS Change Before Customers Do
A strong DNS governance program assumes prevention can fail. Monitoring must detect unexpected change quickly enough to support incident response.
Clarysec’s Network Security Policy - SME Network Security Policy - SME is explicit:
DNS logging must be enabled to support threat hunting and incident response
From section “Policy Implementation Requirements”, policy clause 6.6.3.
The enterprise Logging and Monitoring Policy Logging and Monitoring Policy starts from the same operational expectation:
All covered systems must generate logs capturing:
From section “Policy Implementation Requirements”, policy clause 6.1.1.
For DNS and registrar governance, covered systems should include registrar portals, DNS hosting consoles, API-based DNS management, CI/CD pipelines that deploy DNS as code, SIEM alerts and external monitoring tools.
| Event | Why it matters | Minimum evidence |
|---|---|---|
| NS record change | Can redirect the whole domain to attacker-controlled DNS | Alert, ticket, approver and before/after values |
| DS or DNSKEY change | Can break DNSSEC validation or enable integrity attacks | DNSSEC validation report and change record |
| MX change | Can reroute email and support phishing or data interception | Alert, mail-flow test and approval |
| TXT change | Can validate SaaS ownership, email authentication or certificate issuance | Change ticket, requester and business justification |
| CAA change | Can influence certificate issuance controls | Certificate governance review |
| Wildcard record addition | Can create broad routing or takeover risk | Risk assessment and approval |
| Registrar login from unusual location | Indicates account compromise risk | SIEM alert and investigation note |
| Registry lock unlock request | High-risk change requiring escalation | Emergency approval and post-action review |
Monitoring should be integrated into incident response. A DNS alert that has no owner, severity rating or runbook is only noise.
NIS2, DORA and GDPR: DNS Governance as Regulatory Evidence
NIS2 Article 21 requires appropriate and proportionate technical, operational and organizational measures to manage risks to network and information systems and minimize incident impact. DNS governance maps naturally to asset management, access control, cryptography, supply chain security, incident handling, business continuity and effectiveness assessment.
NIS2 Article 20 also makes cybersecurity a management body responsibility. Boards do not need to approve every TXT record, but they should understand whether critical domains are protected by DNSSEC, registry lock, MFA, monitoring and tested recovery. For significant incidents, NIS2 Article 23 introduces staged reporting, including early warning within 24 hours, incident notification within 72 hours and a final report no later than one month after the incident notification.
For regulated financial entities, DORA applies from 17 January 2025 and operates as the sector-specific ICT resilience framework where it overlaps with NIS2. DNS often supports critical or important functions such as payment applications, mobile banking, trading portals, customer identity, fraud systems, API gateways and third-party integrations. DORA evidence should show ICT asset dependency mapping, incident classification, resilience testing, third-party risk management and recovery planning for DNS and registrar failure scenarios.
A DNS incident is not automatically a GDPR personal data breach. It may become one if users are redirected to a phishing site, credentials are harvested, email containing personal data is rerouted, traffic to personal-data processing systems is intercepted or availability of personal data is materially affected. GDPR Article 5 requires integrity, confidentiality and accountability. Article 32 requires appropriate security measures for processing. DNS governance provides evidence that domain routing and DNS-dependent services are protected with proportionate technical and organizational measures.
| Control measure | ISO/IEC 27001:2022 Annex A and ISO/IEC 27002:2022 | NIS2 | DORA | GDPR |
|---|---|---|---|---|
| Domain asset inventory | 5.9 Inventory of information and other associated assets | Article 21(2)(i) | Article 8 | Articles 5 and 32 |
| Registrar as supplier | 5.19, 5.20, 5.22 | Article 21(2)(d) | Chapter V | Article 28 and Article 32 |
| Registrar access control and MFA | 5.15, 5.16, 5.18, 8.5 | Article 21(2)(i) and 21(2)(j) | Article 9 | Article 32 |
| Registry and registrar lock | 5.15, 8.20, 8.21, 8.32 | Article 21(2)(a) and 21(2)(e) | Articles 9, 10 and 11 | Article 32 |
| DNS zone change control | 8.9, 8.32 | Article 21(2)(a) and 21(2)(e) | Articles 9, 10 and 11 | Articles 5 and 32 |
| DNSSEC implementation | 8.24 Use of cryptography | Article 21(2)(h) | Articles 9 and 10 | Article 32 |
| DNS logging and monitoring | 8.15 Logging, 8.16 Monitoring activities | Article 21(2)(a), 21(2)(b) and 21(2)(f) | Articles 10 and 17 | Articles 5, 32 and 33 |
Build a DNS Evidence Pack in One Week
A practical DNS governance remediation plan can be completed quickly if it is evidence-driven.
Day 1: Create the Domain and DNS Service Register
Start from the Asset Management Policy - SME requirement to document ownership, purpose, access privileges and renewal timelines.
| Field | Example |
|---|---|
| Domain | example.com |
| Business purpose | Customer portal, API, email |
| Criticality | Critical |
| Registrar | Registrar A |
| Registry lock | Enabled |
| Registrar lock | Enabled |
| DNS provider | Managed DNS Provider B |
| DNSSEC | Enabled, DS published |
| Owner | Head of Platform |
| Security owner | CISO |
| Renewal date | 2027-04-12 |
| Monitoring | SIEM alert plus external DNS monitor |
| Change workflow | Jira DNS change type |
| Supplier review date | 2026-03-15 |
Day 2: Review Access and Privilege
Export registrar and DNS provider users. Remove stale accounts. Enforce MFA. Identify administrators. Record approval evidence for privileged users and document emergency access.
Day 3: Validate DNSSEC and Locking
For each critical domain, verify DNSSEC chain validation, DS record accuracy, DNSKEY visibility, registrar lock and registry lock. If DNSSEC is provider-managed, document provider responsibility. If customer-managed, add DNSSEC keys and custodians to the Key Management Register.
Day 4: Convert DNS Changes Into Formal Change Records
Select the last three DNS changes and test them against Zenith Blueprint Step 21 criteria: risk assessed, approval documented, rollback plan included, implemented as planned and unexpected impact recorded. Create a Change Record Summary Log.
Day 5: Connect Monitoring to Incident Response
Confirm logs and alerts for registrar login, zone changes, DNSSEC changes, NS changes, MX changes, TXT changes, CAA changes and provider notifications. Send test alerts to the SOC or IT owner. Attach evidence to the ISMS repository.
Day 6: Review Supplier Obligations
Use Zenith Blueprint Step 23 guidance for supplier change and monitoring procedures:
Establish a simple, scalable procedure for assessing changes to supplier services (5.21), such as migration to cloud, new sub-processors, or infrastructure redesign. Define triggers that require security re-assessment. Then, implement a recurring supplier monitoring cadence (5.22), assigning owners to critical vendors and ensuring performance, compliance, and risks are reviewed at least annually.
From the Controls in Action phase, Step 23: Organizational controls 5.19 to 5.37.
Clarysec’s enterprise Third party and supplier security policy Third party and supplier security policy provides the contractual anchor:
Contracts with suppliers must include:
From section “Governance Requirements”, policy clause 5.3.
| Contract topic | DNS-specific requirement |
|---|---|
| Security responsibilities | Who manages DNSSEC, locks, logs, access, backups and change approvals |
| Incident notification | Timeframes and channels for registrar compromise, DNS outage or unauthorized change |
| Support escalation | 24/7 emergency path for critical domains |
| Change notification | Advance notice for platform migrations, API changes and sub-processor changes |
| Evidence | Access logs, change history, lock status, DNSSEC status and uptime reports |
| Exit | Domain transfer, zone export, DNSSEC migration and lock removal procedure |
Day 7: Run a Tabletop Exercise
Simulate an unauthorized NS record change. The team must detect it, classify it, escalate it, contact the registrar, invoke registry lock procedures if needed, restore the correct delegation, validate DNSSEC, notify stakeholders, assess GDPR impact and decide whether NIS2 or DORA reporting thresholds are met. Capture lessons learned and update procedures.
Audit Questions, Common Findings and Board Metrics
A DNS governance audit is rarely performed through one lens only.
| Auditor lens | Likely audit question | Strong evidence |
|---|---|---|
| ISO/IEC 27001:2022 auditor | Are domains in scope, risk-assessed, owned, controlled, monitored and included in supplier governance? | ISMS scope, risk register, asset register, Statement of Applicability, change tickets, supplier reviews and logs |
| NIST CSF 2.0 assessor | Are DNS risks governed, identified, protected, detected, responded to and recovered from? | Current and Target Profile, gap plan, asset inventory, access controls, monitoring alerts and recovery records |
| DORA reviewer | Does DNS support critical or important functions, and is the dependency governed, tested and recoverable? | ICT asset dependency map, resilience test plan, incident classification process, third-party register and recovery evidence |
| GDPR reviewer | Could a DNS incident affect personal data, and can the organization demonstrate appropriate security? | Article 32 evidence, incident assessment, processor oversight, access control, change and monitoring records |
| COBIT 2019 or ISACA auditor | Are domain-related governance objectives translated into managed processes with ownership, metrics and assurance? | RACI, process objectives, KPIs, KRIs, supplier performance reviews, management reporting and remediation tracking |
The most common findings are predictable.
| Finding | Risk | Clarysec fix |
|---|---|---|
| Domains missing from asset register | Expiry, ownership confusion and incomplete risk assessment | Add domains to the Asset Register with owner, purpose, criticality, renewal and dependencies |
| Shared registrar admin account | No accountability and weak incident forensics | Move to named users, MFA, least privilege and quarterly reviews |
| No registry lock on critical domain | High-impact unauthorized delegation or transfer | Enable registry lock and document emergency unlock procedure |
| DNSSEC partially enabled | Validation failures or false assurance | Validate chain, DS records, key ownership and rollover plan |
| DNS changes made outside tickets | Outage, misrouting and audit failure | Require formal DNS change type with approval and rollback |
| No alerting on NS or MX changes | Slow detection of hijack or mail rerouting | Integrate DNS monitoring with SIEM and escalation runbook |
| Registrar not reviewed as supplier | Contract and incident response gaps | Add registrar and DNS provider to supplier monitoring cadence |
| No incident playbook | Delayed recovery and reporting uncertainty | Create DNS hijack and DNS outage runbooks, then tabletop test |
Boards and management teams need DNS metrics in resilience language. Useful measures include percentage of critical domains with DNSSEC enabled and validated, percentage with registry lock, number of registrar administrators, percentage of privileged users reviewed in the last quarter, number of DNS changes implemented without formal tickets, mean time to detect unauthorized DNS change, mean time to restore correct DNS configuration, domains expiring within 90 days, supplier reviews completed and unresolved DNS monitoring alerts.
Turn DNS From Hidden Risk Into Audit-Ready Evidence
If your organization has not reviewed domain and DNS governance in the last six months, assume there is drift. Start with critical production domains, then expand to regional domains, defensive domains, test domains, acquisition domains and domains managed by agencies or subsidiaries.
Clarysec can help you move from scattered registrar screenshots to a structured evidence pack using:
- Zenith Blueprint: An Auditor’s 30-Step Roadmap Zenith Blueprint for step-by-step validation of network services, change management, logging, monitoring and supplier controls
- Zenith Controls: The Cross-Compliance Guide Zenith Controls for mapping DNSSEC, registry lock, supplier monitoring and zone change governance across ISO/IEC 27001:2022, NIS2, DORA, GDPR, NIST and COBIT 2019 lenses
- Clarysec policy templates, including Asset Management Policy - SME, Change Management Policy - SME, User Account and Privilege Management Policy - SME, Network Security Policy - SME, Asset Management Policy, Change Management Policy, Logging and Monitoring Policy, Cryptographic Controls Policy, and Third party and supplier security policy
Your domain is the front door to your digital business. In 2026, auditors, regulators, customers and boards will expect you to prove that the front door is locked, monitored, recoverable and governed.
Download the Clarysec toolkit, run the one-week DNS evidence pack exercise, or book a Clarysec assessment to turn DNS and registrar governance into audit-ready proof before your own Monday morning crisis.
Frequently Asked Questions
About the Author
Igor Petreski
Compliance Systems Architect, Clarysec LLC
Igor Petreski is a cybersecurity leader with over 30 years of experience in information technology and a dedicated decade specializing in global Governance, Risk, and Compliance (GRC).Core Credentials & Qualifications:• MSc in Cyber Security from Royal Holloway, University of London• PECB-Certified ISO/IEC 27001 Lead Auditor & Trainer• Certified Information Systems Auditor (CISA) from ISACA• Certified Information Security Manager (CISM) from ISACA • Certified Ethical Hacker from EC-Council
