How to Create a Strong Security Culture

Getting a greater return on investment on your security measures

We all have a responsibility for security. Regardless of role or rank, everyone has their part to play. Contrary to popular belief, cyber and information security aren’t just matters for IT. But to ensure that all staff truly take note of security and apply the knowledge gained from any staff awareness training, security should be embedded in your organisation’s culture. In other words, you should aim to build a ‘security culture’.

In this blog

What is a security culture?

Security is about being free from danger or threat, while a
The post How to Create a Strong Security Culture appeared first on IT Governance UK Blog.

Layering Defences to Safeguard Sensitive Data Within AI Systems

Strategies for mitigating privacy and security risks

As artificial intelligence develops relentlessly, organisations face a thorny problem: how can you harness the transformative power of AI tools and systems while ensuring the privacy and security of your sensitive data? We put the question to our head of AI product marketing, Camden Woollven.

In this interview

What security or privacy challenges do organisations face when using AI tools?

The risk of inadvertently exposing sensitive data is a big one. Most generative AI systems are basically a massive ‘sponge’. The language models are trained by soaking up huge quantities of publicly available
The post Layering Defences to Safeguard Sensitive Data Within AI Systems appeared first on IT Governance UK Blog.

Boost Your Security Posture With Objective-Based Penetration Testing

To maximise value from your security investments, your measures must be effective

How can you be confident your measures are fit for purpose – and prove it to stakeholders like customers, partners and regulators? Penetration testing (also known as ‘pen testing’ or ‘ethical hacking’) offers a vital tool for identifying gaps and opportunities to strengthen your security programme. Our head of security testing, James Pickard, explains further.

In this interview

Is your security programme effective?

What are key challenges when implementing a security programme?

Resources and costs are often top of the list. Many organisations have a tight budget for
The post Boost Your Security Posture With Objective-Based Penetration Testing appeared first on IT Governance UK Blog.

Strategies for Securing Your Supply Chain

What to do when your ‘supply chain’ is really a ‘supply loop’

When I asked Bridget Kenyon – CISO (chief information security officer) for SSCL, lead editor for ISO 27001:2022 and author of ISO 27001 Controls – what she’d like to cover in an interview, she suggested supply chain security. I asked her whether she was thinking about the CrowdStrike incident (which happened just a few weeks prior). Bridget responded: “Not specifically. To be honest, supply chain security has been a perennial problem.” I sat down with her to find out more.

In this interview

Challenges of supply chain security
The post Strategies for Securing Your Supply Chain appeared first on IT Governance UK Blog.

How to Meet the NCSC’s 14 Cloud Security Principles

Guidance for conducting your due diligence when outsourcing to a Cloud service provider

With flexible working now the norm – including remote working – many organisations rely on Cloud services to access confidential data. But whenever organisations adopt such technological solutions, they must acknowledge the risks that come with them. To name but one challenge: the Cloud inherently permits access from anywhere in the world. So, how do you restrict that access to authorised users only? To mitigate such security risks, the NCSC (National Cyber Security Centre) established 14 Cloud security principles. These can help guide your due diligence checks when vetting
The post How to Meet the NCSC’s 14 Cloud Security Principles appeared first on IT Governance UK Blog.

The Insider Threat: Strategies to Safeguard Against Malicious Insiders

Your biggest security threat may be hiding in plain sight: your employees.

No business can operate without trusting its people. Without access to confidential information and essential systems, staff can’t perform their roles. But if an insider turns malicious, regardless of their motivation, they can significantly damage your organisation. After all, their account is supposed to have access to sensitive data! So, how can your organisation protect itself from malicious insiders? Our head of security testing, James Pickard, explains.

In this interview

Insider threat vs insider risk

Do you consider accidental breaches caused by staff, like clicking a phishing link,
The post The Insider Threat: Strategies to Safeguard Against Malicious Insiders appeared first on IT Governance UK Blog.
