Nine Steps to SOC 2 Compliance – Including a SOC 2 Readiness Checklist

SOC (System and Organization Controls) audits provide an independent assessment of the risks associated with using service organisations and other third parties. SOC 2 audits assess service organisations’ security, availability, processing integrity, confidentiality and privacy controls against the AICPA (American Institute of Certified Public Accountants) TSC (Trust Services Criteria). A SOC 2 report is generally aimed at existing or prospective clients, and is used to assess how well an organisation safeguards customer data and how effectively its internal controls operate. This blog outlines nine steps that will help you understand what SOC 2 requires, prepare your controls and documentation, and approach your
The post Nine Steps to SOC 2 Compliance – Including a SOC 2 Readiness Checklist appeared first on IT Governance Blog.

The 4 CRISC Domains Explained

The CRISC® (Certified in Risk and Information Systems Control®) certification from ISACA® is a globally recognised credential for IT and business professionals. Launched in 2010, it has become the benchmark for validating expertise in enterprise risk governance and control management. CRISC is aimed at those operating in or aspiring to work in IT risk management roles, such as risk analysts, control professionals, IT managers and compliance officers. It bridges technical knowledge with strategic risk governance capability. Over 30,000 professionals hold CRISC certifications today.

What are the 4 CRISC domains?

The CRISC exam tests candidates across four domains, structured to reflect

The 9 CISMP Domains Explained

The CISMP (Certificate in Information Security Management Principles) is one of the UK’s most widely recognised entry-level qualifications for information security professionals. Accredited by BCS, The Chartered Institute for IT, it provides a comprehensive foundation in cyber security and information security management. CISMP is designed for individuals working in, or aspiring to work in, security-related roles – particularly those seeking to progress into management or governance positions. It is also suitable for business professionals who need a broader understanding of information security as part of their wider operational responsibilities. It is frequently cited as the first step towards more advanced

The 4 CISM Domains Explained

The CISM® (Certified Information Security Manager®) qualification from ISACA® is one of the most widely respected credentials for information security professionals. It demonstrates not only technical expertise, but also the strategic insight required to build, manage and improve enterprise-level security programmes. Since its launch in 2002, CISM has become a globally recognised benchmark for senior roles in information security governance, risk and incident management. It is accredited under ISO/IEC 17024 and was named Best Professional Certification Program in the SC Awards 2025 – a reflection of its continued relevance and high industry regard. CISM is designed for individuals who manage,

The 5 CISA Domains Explained

The CISA® (Certified Information Systems Auditor®) credential, awarded by ISACA®, is the gold standard for IT audit, control and assurance professionals. Since its introduction in 1978, it has been one of the most sought-after qualifications for audit, risk and compliance leadership positions. CISA covers five domains, updated in August 2024 to reflect changes in technology, risk management and governance frameworks. Regular domain updates ensure the exam stays aligned with real-world job roles and emerging industry trends.

What are the 5 CISA domains?

CISA domain – Exam weighting
1. Information Systems Auditing Process – 18%
2. Governance & Management of IT – 18%
3.

7 Steps to a Successful ISO 27001 Risk Assessment – Updated for 2025

Risk assessments remain central to ISO 27001 compliance in 2025, ensuring your ISMS (information security management system) is robust and effective. ISO 27001:2022 and ISO 27002:2022 introduced several updates that organisations should incorporate into their risk assessment processes. Here are the seven essential steps for conducting a successful ISO 27001 risk assessment in line with current best practices.

1. Define your risk assessment methodology

ISO 27001 does not prescribe a single methodology. Rather, organisations must tailor the approach to fit their needs. Your methodology should clearly define: Consistency and clarity in these definitions ensure reliable and comparable results across your

Building Your Cyber Security Career: The Credentials Needed for Management and Specialist Roles

In a recent webinar hosted by IT Governance, Andy Johnston (divisional director for training), Nikolai Nikolaev (information security specialist) and Soji Obunjobi (cyber security specialist) shared valuable insights into navigating a career in cyber security, with particular focus on the qualifications and experience needed for management and specialist roles. This blog summarises key takeaways from the webinar, providing guidance on career pathways, essential certifications and the skills required to advance in the cyber security field. You might also be interested in our blog How to Start Your Career in Data Protection and Privacy. The growing demand for cyber security professionals

Penetration Testing for SaaS Providers: Building Trust and Security

In today’s rapidly evolving digital landscape, SaaS (software as a service) providers face increasing scrutiny regarding the security of their platforms. And with increasing numbers of customers entrusting sensitive data to Cloud-based solutions, penetration testing has become an essential component of a comprehensive security strategy. In a recent webinar, Penetration Testing for SaaS Providers, our head of security testing, James Pickard, discussed: This blog post provides an overview of what was discussed. What is a SaaS platform? SaaS platforms are Internet-accessible products that can be accessed across multiple devices or platforms. They are typically hosted in the Cloud to facilitate

Author of the Month: Bridget Kenyon

ISO 27001 Controls – A guide to implementing and auditing

Bridget Kenyon is the CISO (chief information security officer) for SSCL. She’s also been on the ISO editing team for ISMS (information security management system) standards since 2006, and has served as lead editor for ISO/IEC 27001:2022 and ISO/IEC 27014:2020. Bridget is also a member of the UK Advisory Council for (ISC)2, and a Fellow of the Chartered Institute of Information Security. She’s also been a PCI DSS QSA (Payment Card Industry Data Security Standard Qualified Security Assessor), been head of information security for UCL, and held operational and consultancy roles in both industry

Lessons Learned from the Legal Aid Agency Data Breach

The MoJ (Ministry of Justice) has disclosed that the LAA (Legal Aid Agency) suffered a data breach last month, in which criminals accessed data relating to hundreds of thousands of people, dating back to 2010. Exfiltrated data may have included “contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments”. According to the BBC, more than 2 million pieces of information were taken, including data relating to “domestic abuse victims, those in family cases and others facing criminal prosecution”. It’s not known whether