Author of the Month: Andrew Pattison

This month, we are celebrating author Andrew Pattison! His book: NIST CSF 2.0 – Your essential introduction to managing cybersecurity risks was published in February 2025 and covers the latest updates to the NIST framework. The NIST CSF (Cybersecurity Framework) 2.0 is designed to help organisations prevent and protect themselves from cyber attacks. This book will help you understand how to: About the author: Andrew Pattison is the global head of GRC and PCI consultancy at GRC International Group, a GRC Solutions company. He has been working in information security, risk management and business continuity since the mid-1990s, helping
The post Author of the Month: Andrew Pattison appeared first on IT Governance Blog.

Why You Need Cyber Resilience and Defence in Depth

And how to become resilient with ISO 27001 and ISO 22301 Unfortunately, even the most secure organisation can suffer an incident. The odds are simply stacked against you: While you need to protect all your assets from all types of threat, an attacker needs only one exploitable weakness to get into your systems. Plus, any security measure you implement is only designed to stop, at most, a handful of threats – and that’s assuming it was both correctly implemented and still doing its job. Regardless of implementation, single measures aren’t enough – because no measure is foolproof. The consequences of
The post Why You Need Cyber Resilience and Defence in Depth appeared first on IT Governance UK Blog.

How to Select Effective Security Controls

Risk–benefit analysis, defence in depth, information security objectives and proportionality Looking to mitigate your information security risks but not sure how to choose effective controls while staying on budget? Risk–benefit analysis is key, as is defence in depth. You also want to set information security objectives that are aligned to your business objectives, and be proportionate in your control selections. Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains further. In this interview Risk–benefit analysis How do you choose appropriate security controls? You need to be clear on two things: Then hopefully, the benefit outweighs the risk.
The post How to Select Effective Security Controls appeared first on IT Governance UK Blog.

How to Create a Strong Security Culture

Getting a greater return on investment on your security measures We all have a responsibility for security. Regardless of role or rank, everyone has their part to play: Contrary to popular belief, cyber and information security aren’t just matters for IT. But to ensure that all staff truly take note of security and apply the knowledge gained from any staff awareness training, security should be embedded in your organisation’s culture. In other words, you should aim to build a ‘security culture’. In this blog What is a security culture? Security is about being free from danger or threat, while a
The post How to Create a Strong Security Culture appeared first on IT Governance UK Blog.

Strategies for Securing Your Supply Chain

What to do when your ‘supply chain’ is really a ‘supply loop’ When I asked Bridget Kenyon – CISO (chief information security officer) for SSCL, lead editor for ISO 27001:2022 and author of ISO 27001 Controls – what she’d like to cover in an interview, she suggested supply chain security. I asked her whether she was thinking about the CrowdStrike incident (which happened just a few weeks prior). Bridget responded: “Not specifically. To be honest, supply chain security has been a perennial problem.” I sat down with her to find out more. In this interview Challenges of supply chain security
The post Strategies for Securing Your Supply Chain appeared first on IT Governance UK Blog.

3 ISO 27001:2022 Controls That Help Secure Your Cloud Services

Cloud computing is a key tool for business everywhere: In short, you gain access to technical services and functions you may not have internally. Particularly for smaller organisations, this brings huge benefits. For one, you can access your information from anywhere. The trouble is – how do you restrict that access to authorised users only? Plus, Cloud environments are increasingly complex. This increases your attack surface and makes vulnerabilities more likely. To protect data in the Cloud, you must take the same kinds of precautions as you would with information held elsewhere. That means implementing appropriate controls. Which controls, you ask?
The post 3 ISO 27001:2022 Controls That Help Secure Your Cloud Services appeared first on IT Governance UK Blog.

What Are ISO 27017 and ISO 27018, and What Are Their Controls?

Extending your ISMS to address Cloud security risks ISO 27001 sets out the specification – the requirements – for an effective ISMS (information security management system). But did you know you can extend your ISO 27001 ISMS to cover specific aspects of Cloud security? Two ISO standards in particular stand out: Let’s take a closer look at both ISO 27017 and ISO 27018. Note: The current versions of ISO 27017 and ISO 27018, ISO/IEC 27017:2015 and ISO/IEC 27018:2019, are aligned to the previous (2013) edition of ISO 27002. The new (2022) control set has been completely reorganised, and 11 new
The post What Are ISO 27017 and ISO 27018, and What Are Their Controls? appeared first on IT Governance UK Blog.

How to Address AI Security Risks With ISO 27001

AI penetration tests, user education, and more Artificial intelligence is taking the world by storm. But for all its potential, there are legitimate concerns around, among other things, data security. Bridget Kenyon is the CISO (chief information security officer) for SSCL, a member of the UK Advisory Council for (ISC)2, and a Fellow of the Chartered Institute of Information Security. She also served as lead editor for ISO 27001:2022, and is the author of ISO 27001 Controls. Bridget’s interests lie in finding the edges of security that you can peel up, and the human aspects of system vulnerability. Just the
The post How to Address AI Security Risks With ISO 27001 appeared first on IT Governance UK Blog.

5 Cyber Security and ISO 27001 Myths

Common misconceptions and what you can do about them Contrary to common belief, the external threat – a threat actor hacking their way into your systems through technical skill alone – isn’t your biggest problem. In our previous interview with Damian Garcia, our head of GRC (governance, risk and compliance) consultancy, we learned about the internal, or insider, threat and its significance. If you don’t invest in cyber security or staff training, accidental breaches pose a far bigger threat than technically skilled hackers. Think about it from the attacker’s point of view: why bother taking the time and effort to
The post 5 Cyber Security and ISO 27001 Myths appeared first on IT Governance UK Blog.

Sam McNicholls-Novoa on CyberComply

Making compliance easy with our Cloud-based solution CyberComply is a Cloud-based, end-to-end solution that simplifies compliance with a range of cyber security and data privacy standards and laws, including ISO 27001, the GDPR (General Data Protection Regulation), and more. This SaaS (Software as a Service) will help you manage all your cyber security and data privacy obligations in one place. You will gain immediate visibility into critical data and key performance indicators, and stay ahead of regulatory changes. Recently, CyberComply has seen some major updates. But we’re not done yet – the development team is working hard behind the scenes
The post Sam McNicholls-Novoa on CyberComply appeared first on IT Governance UK Blog.
