Why You Need Cyber Resilience and Defence in Depth

And how to become resilient with ISO 27001 and ISO 22301

Unfortunately, even the most secure organisation can suffer an incident. The odds are simply stacked against you: While you need to protect all your assets from all types of threat, an attacker needs only one exploitable weakness to get into your systems. Plus, any security measure you implement is only designed to stop, at most, a handful of threats – and that’s assuming it was both correctly implemented and still doing its job. Regardless of implementation, single measures aren’t enough – because no measure is foolproof. The consequences of
The post Why You Need Cyber Resilience and Defence in Depth appeared first on IT Governance UK Blog.

How to Select Effective Security Controls

Risk–benefit analysis, defence in depth, information security objectives and proportionality

Looking to mitigate your information security risks but not sure how to choose effective controls while staying on budget? Risk–benefit analysis is key, as is defence in depth. You also want to set information security objectives that are aligned to your business objectives, and be proportionate in your control selections. Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains further.

In this interview

Risk–benefit analysis

How do you choose appropriate security controls?

You need to be clear on two things: Then hopefully, the benefit outweighs the risk.

How Do You Mitigate Information Security Risk?

Modify, share, avoid or retain?

Risk management is fundamental to information security and the international standard for information security management, ISO 27001. Previously, our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explained where to start with cyber security risk management: establishing a common vocabulary. In other words, you must define what a ‘risk’ means to your organisation. You need to define what constitutes a ‘high’ impact, what constitutes an ‘unlikely’ risk, and so on. By clearly defining such terms, you can ensure a consistent approach across your organisation, even when different people – with different experiences and

Expert Insight: Adam Seamons on Zero-Trust Architecture

How networks have evolved and how to secure them

Adam Seamons is the information security manager of GRC International Group PLC, after more than 15 years’ experience working as a systems engineer and in technical support. Adam also holds CISSP (Certified Information Systems Security Professional) and SSCP (Systems Security Certified Practitioner) certifications. We sat down to chat to him.

What trends in network security have you noticed recently?

One of the big impacts to networks has come from the changes in technology, particularly in terms of the Cloud. Networks have moved from self-contained, on-site setups to multiple Cloud services that

The Third-Party Threat for Financial Organisations

DORA’s supply chain security requirements

IT Governance’s research for November 2023 found that 48% of the month’s incidents originated from the supply chain (i.e. were third-party attacks). For Europe, this number rises to 61%. Admittedly, it only takes a comparatively small number of supply chain attacks to skew the number of incidents. It’s in their nature for one attack to compromise potentially hundreds or even thousands of organisations. However, that doesn’t stop the numbers from being worrying. It can be challenging to secure your supply chain – organisations tend to simply trust that the products and services they use are
