Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers

The penetration test process and types of penetration test

It may sound counterintuitive, but organisations actually pay people to break into their networks. The reason is simple: to catch a thief, you must think like a thief. Organisations hire ethical hackers – aka ‘penetration testers’ or ‘pen testers’ – to identify weaknesses in their defences before a criminal hacker exploits them. This helps organisations proactively strengthen their security posture and keep up with the cyber landscape. Ethical hackers use the same methods as malicious actors, but with the crucial difference of operating within the law and not misusing any information
The post Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers appeared first on IT Governance UK Blog.

How Do the Cyber Essentials and Cyber Essentials Plus Assessments Work?

Top tips to achieve Cyber Essentials certification from our cyber security assessor

How can you sail through your Cyber Essentials and Cyber Essentials Plus assessments? How can you prepare? What support can you expect from an assessor? What does the ‘technical audit’ for Cyber Essentials Plus involve, exactly? And what are some common pitfalls? We put these questions to cyber security advisor Ash Brett, who has carried out hundreds of Cyber Essentials Plus assessments.

In this interview

SAQ (self-assessment questionnaire)

Previously, you said that Cyber Essentials involves completing an independently verified SAQ. Could you tell us a bit more

How to Create a Strong Security Culture

Getting a greater return on investment on your security measures

We all have a responsibility for security. Regardless of role or rank, everyone has their part to play: contrary to popular belief, cyber and information security aren’t just matters for IT. But to ensure that all staff truly take note of security and apply the knowledge gained from any staff awareness training, security should be embedded in your organisation’s culture. In other words, you should aim to build a ‘security culture’.

In this blog

What is a security culture?

Security is about being free from danger or threat, while a

Layering Defences to Safeguard Sensitive Data Within AI Systems

Strategies for mitigating privacy and security risks

As artificial intelligence develops relentlessly, organisations face a thorny problem: how can you harness the transformative power of AI tools and systems while ensuring the privacy and security of your sensitive data? We put the question to our head of AI product marketing, Camden Woollven.

In this interview

What security or privacy challenges do organisations face when using AI tools?

The risk of inadvertently exposing sensitive data is a big one. Most generative AI systems are basically a massive ‘sponge’. The language models are trained by soaking up huge quantities of publicly available

Boost Your Security Posture With Objective-Based Penetration Testing

To maximise value from your security investments, your measures must be effective

How can you be confident your measures are fit for purpose – and prove it to stakeholders like customers, partners and regulators? Penetration testing (also known as ‘pen testing’ or ‘ethical hacking’) offers a vital tool for identifying gaps and opportunities to strengthen your security programme. Our head of security testing, James Pickard, explains further.

In this interview

Is your security programme effective?

What are key challenges when implementing a security programme?

Resources and costs are often top of the list. Many organisations have a tight budget for

Strategies for Securing Your Supply Chain

What to do when your ‘supply chain’ is really a ‘supply loop’

When I asked Bridget Kenyon – CISO (chief information security officer) for SSCL, lead editor for ISO 27001:2022 and author of ISO 27001 Controls – what she’d like to cover in an interview, she suggested supply chain security. I asked her whether she was thinking about the CrowdStrike incident (which happened just a few weeks prior). Bridget responded: “Not specifically. To be honest, supply chain security has been a perennial problem.” I sat down with her to find out more.

In this interview

Challenges of supply chain security

How to Meet the NCSC’s 14 Cloud Security Principles

Guidance for conducting your due diligence when outsourcing to a Cloud service provider

With flexible working now the norm – including remote working – many organisations rely on Cloud services to access confidential data. But whenever organisations adopt such technological solutions, they must acknowledge the risks that come with them. To name but one challenge: the Cloud inherently permits access from anywhere in the world. So, how do you restrict that access to authorised users only? To mitigate such security risks, the NCSC (National Cyber Security Centre) established 14 Cloud security principles. These can help guide your due diligence checks when vetting
