Trust our Experience-Get the Best Services
Why You Need Cyber Resilience and Defence in Depth
Cyber Security

Why You Need Cyber Resilience and Defence in Depth

And how to become resilient with ISO 27001 and ISO 22301 Unfortunately, even the most secure organisation can suffer an incident. The odds are simply stacked against you: While you need to protect all your assets from all types of threat, an attacker needs only one exploitable weakness to get into your systems. Plus, any security measure you implement is only designed to stop, at most, a handful of threats – and that’s assuming it was both correctly implemented and still doing its job. Regardless of implementation, single measures aren’t enough – because no measure is foolproof. The consequences of
The post Why You Need Cyber Resilience and Defence in Depth appeared first on IT Governance UK Blog.

Read More
How to Select Effective Security Controls
ISO 27001

How to Select Effective Security Controls

Risk–benefit analysis, defence in depth, information security objectives and proportionality Looking to mitigate your information security risks but not sure how to choose effective controls while staying on budget? Risk–benefit analysis is key, as is defence in depth. You also want to set information security objectives that are aligned to your business objectives, and be proportionate in your control selections. Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains further. In this interview Risk–benefit analysis How do you choose appropriate security controls? You need to be clear on two things: Then hopefully, the benefit outweighs the risk.
The post How to Select Effective Security Controls appeared first on IT Governance UK Blog.

Read More
Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers
penetration testing

Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers

The penetration test process and types of penetration test It may sound counterintuitive, but organisations actually pay people to break into their networks. The reason is simple: to catch a thief, you must think like a thief. Organisations hire ethical hackers – aka ‘penetration testers’ or ‘pen testers’ – to identify weaknesses in their defences before a criminal hacker exploits them. This helps organisations proactively strengthen their security posture and keep up with the cyber landscape. Ethical hackers use the same methods as malicious actors, but with the crucial difference of operating within the law and not misusing any information
The post Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers appeared first on IT Governance UK Blog.

Read More
How Do the Cyber Essentials and Cyber Essentials Plus Assessments Work?
Cyber Essentials

How Do the Cyber Essentials and Cyber Essentials Plus Assessments Work?

Top tips to achieve Cyber Essentials certification from our cyber security assessor How can you sail through your Cyber Essentials and Cyber Essentials Plus assessments? How can you prepare? What support can you expect from an assessor? What does the ‘technical audit’ for Cyber Essentials Plus involve, exactly? And what are some common pitfalls? We put these questions to cyber security advisor Ash Brett, who has carried out hundreds of Cyber Essentials Plus assessments. In this interview SAQ (self-assessment questionnaire) Previously, you said that Cyber Essentials involves completing an independently verified SAQ. Could you tell us a bit more
The post How Do the Cyber Essentials and Cyber Essentials Plus Assessments Work? appeared first on IT Governance UK Blog.

Read More
Layering Defences to Safeguard Sensitive Data Within AI Systems
Cyber Security

Layering Defences to Safeguard Sensitive Data Within AI Systems

Strategies for mitigating privacy and security risks As artificial intelligence develops relentlessly, organisations face a thorny problem: How can you harness the transformative power of AI tools and systems while ensuring the privacy and security of your sensitive data? We put the question to our head of AI product marketing, Camden Woollven. In this interview What security or privacy challenges do organisations face when using AI tools? The risk of inadvertently exposing sensitive data is a big one. Most generative AI systems are basically a massive ‘sponge’. The language models are trained by soaking up huge quantities of publicly available
The post Layering Defences to Safeguard Sensitive Data Within AI Systems appeared first on IT Governance UK Blog.

Read More
Boost Your Security Posture With Objective-Based Penetration Testing
Expert insight

Boost Your Security Posture With Objective-Based Penetration Testing

To maximise value from your security investments, your measures must be effective How can you be confident your measures are fit for purpose – and prove it to stakeholders like customers, partners and regulators? Penetration testing (also known as ‘pen testing’ or ‘ethical hacking’) offers a vital tool for identifying gaps and opportunities to strengthen your security programme. Our head of security testing, James Pickard, explains further. In this interview Is your security programme effective? What are key challenges when implementing a security programme? Resources and costs are often top of the list. Many organisations have a tight budget for
The post Boost Your Security Posture With Objective-Based Penetration Testing appeared first on IT Governance UK Blog.

Read More
Strategies for Securing Your Supply Chain
Expert insight

Strategies for Securing Your Supply Chain

What to do when your ‘supply chain’ is really a ‘supply loop’ When I asked Bridget Kenyon – CISO (chief information security officer) for SSCL, lead editor for ISO 27001:2022 and author of ISO 27001 Controls – what she’d like to cover in an interview, she suggested supply chain security. I asked her whether she was thinking about the CrowdStrike incident (which happened just a few weeks prior). Bridget responded: “Not specifically. To be honest, supply chain security has been a perennial problem.” I sat down with her to find out more. In this interview Challenges of supply chain security
The post Strategies for Securing Your Supply Chain appeared first on IT Governance UK Blog.

Read More
The Insider Threat: Strategies to Safeguard Against Malicious Insiders
Cyber Security

The Insider Threat: Strategies to Safeguard Against Malicious Insiders

Your biggest security threat may be hiding in plain sight: your employees. No business can operate without trusting its people. Without access to confidential information and essential systems, staff can’t perform their roles. But if an insider turns malicious, regardless of their motivation, they can significantly damage your organisation. After all, their account is supposed to have access to sensitive data! So, how can your organisation protect itself from malicious insiders? Our head of security testing, James Pickard, explains. In this interview Insider threat vs insider risk Do you consider accidental breaches caused by staff, like clicking a phishing link,
The post The Insider Threat: Strategies to Safeguard Against Malicious Insiders appeared first on IT Governance UK Blog.

Read More
How to Address AI Security Risks With ISO 27001
Cyber Security

How to Address AI Security Risks With ISO 27001

AI penetration tests, user education, and more Artificial intelligence is taking the world by storm. But for all its potential, there are legitimate concerns around, among other things, data security. Bridget Kenyon is the CISO (chief information security officer) for SSCL, a member of the UK Advisory Council for (ISC)2, and a Fellow of the Chartered Institute of Information Security. She also served as lead editor for ISO 27001:2022, and is the author of ISO 27001 Controls. Bridget’s interests lie in finding the edges of security that you can peel up, and the human aspects of system vulnerability. Just the
The post How to Address AI Security Risks With ISO 27001 appeared first on IT Governance UK Blog.

Read More
How Do You Mitigate Information Security Risk?
Cyber Security

How Do You Mitigate Information Security Risk?

Modify, share, avoid or retain? Risk management is fundamental to information security and the international standard for information security management, ISO 27001. Previously, our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explained where to start with cyber security risk management: establishing a common vocabulary. In other words, you must define what a ‘risk’ means to your organisation. You need to define what constitutes a ‘high’ impact, what constitutes an ‘unlikely’ risk, and so on. By clearly defining such terms, you can ensure a consistent approach across your organisation, even when different people – with different experiences and
The post How Do You Mitigate Information Security Risk? appeared first on IT Governance UK Blog.

Read More
X