Strategies for Securing Your Supply Chain

What to do when your ‘supply chain’ is really a ‘supply loop’

When I asked Bridget Kenyon – CISO (chief information security officer) for SSCL, lead editor for ISO 27001:2022 and author of ISO 27001 Controls – what she’d like to cover in an interview, she suggested supply chain security. I asked her whether she was thinking about the CrowdStrike incident (which happened just a few weeks prior). Bridget responded: “Not specifically. To be honest, supply chain security has been a perennial problem.” I sat down with her to find out more.

In this interview
Challenges of supply chain security
The post Strategies for Securing Your Supply Chain appeared first on IT Governance UK Blog.

How to Meet the NCSC’s 14 Cloud Security Principles

Guidance for conducting your due diligence when outsourcing to a Cloud service provider

With flexible working now the norm – including remote working – many organisations rely on Cloud services to access confidential data. But whenever organisations adopt such technological solutions, they must acknowledge the risks that come with them. To name but one challenge: the Cloud inherently permits access from anywhere in the world. So, how do you restrict that access to authorised users only? To mitigate such security risks, the NCSC (National Cyber Security Centre) established 14 Cloud security principles. These can help guide your due diligence checks when vetting

3 ISO 27001:2022 Controls That Help Secure Your Cloud Services

Cloud computing is a key tool for businesses everywhere. In short, you gain access to technical services and functions you may not have internally. Particularly for smaller organisations, this brings huge benefits. For one, you can access your information from anywhere. The trouble is – how do you restrict that access to authorised users only? Plus, Cloud environments are increasingly complex. This increases your attack surface and makes vulnerabilities more likely. To protect data in the Cloud, you must take the same kinds of precautions as you would with information held elsewhere. That means implementing appropriate controls. Which controls, you ask?

Security Risks of Outsourcing to the Cloud: Who’s Responsible?

Cloud computing is a key tool for organisations, offering a wealth of opportunity to extend IT capabilities and take advantage of innovations. As more organisations move to remote or hybrid working, Cloud services are more valuable than ever. However, innovation comes with risk.

In this blog

Security challenges of the Cloud

During the COVID-19 lockdowns, IT teams were under pressure to integrate existing networks with Cloud services, implementing remote-working solutions and technologies hastily.

Further reading: Senior penetration tester Leon Teale gives his top security tips for remote working in this interview.

And as infrastructures become more complex, often in a

What Are ISO 27017 and ISO 27018, and What Are Their Controls?

Extending your ISMS to address Cloud security risks

ISO 27001 sets out the specification – the requirements – for an effective ISMS (information security management system). But did you know you can extend your ISO 27001 ISMS to cover specific aspects of Cloud security? Two ISO standards in particular stand out. Let’s take a closer look at both ISO 27017 and ISO 27018.

Note: The current versions of ISO 27017 and ISO 27018, ISO/IEC 27017:2015 and ISO/IEC 27018:2019, are aligned to the previous (2013) edition of ISO 27002. The new (2022) control set has been completely reorganised, and 11 new

Online Merchants: PCI DSS Compliance Tips When Outsourcing

Common challenges for SAQ A/e-commerce merchants and how to resolve them

E-commerce merchants, by definition, accept card payments. So, they’re subject to the PCI DSS (Payment Card Industry Data Security Standard). This standard, currently at v4.0.1 (a limited revision to PCI DSS v4.0), contains 277 sub-requirements. However, you can reduce your scope to drastically lower the number of requirements you must meet, thereby significantly reducing your compliance burden.

Example: Online merchants can aim for SAQ A

This SAQ (self-assessment questionnaire) contains just 31 questions (1 per applicable sub-requirement). To qualify, you must fully outsource your account data functions. As an

GDPR Article 28 Contracts: What You Need to Know

An overlooked GDPR requirement AND a business enabler

Andy Snow has trained thousands of people on the GDPR (General Data Protection Regulation). So, he’s a good person to ask about what areas people find challenging. His response? “The data-sharing aspects of contracts.” As a trainer, Andy regularly receives praise for his engaging delivery style, bringing the subject matter to life with real-world examples. In this conversation, he did the same. Andy’s explanations show the importance of this overlooked area of GDPR compliance. Contracts aren’t just a GDPR requirement. Doing your due diligence can save your organisation a lot of money,
