ISO/IEC 27001 is an international standard for creating an information security management system (ISMS). It provides a systematic approach for organisations to manage and protect their sensitive information. This standard is broken down into Clauses and Security Controls (Annex A) which every organisation that intends to be ISO 27001 compliant is required to follow. The […]
25
Aug
Aug
Imagine a world intricately woven with connections, where information flows like a meandering river of possibilities. This is the world we currently live in. In the past, intelligence primarily revolved around strategic knowledge, used by decision-makers to gain advantages, often centred on foreign capabilities, global events, and local concerns, particularly in the military and security […]
17
Aug
Aug
NIS 2 is Changing It’s getting Risky out there… The protection of our networks and systems is of utmost importance, now more than ever. Attackers are increasingly sophisticated and attack with increasing frequency and ferocity. Only a Superhero (in the guise of an EU directive) can help us. Is it a bird? Plane? An A.I. […]
09
Aug
Aug
In the world of information security, there are many frameworks and countless guidelines. But among them all, one standard rules them all. Originating from the Plateau of Gorgoroth in Northwestern Mordor, it towers high above the rest, peering deep into the very hearts of organisations like the Eye of Sauron; controlling information security for all […]
03
Aug
Aug
What is a Data Breach Claim? “Someone stole my personal information and I want something done about it now!” A very human, and natural reaction to theft. If someone steals your car or breaks into your house and steals your personal possessions you rightly expect the police to come, investigate and hopefully catch the perpetrator […]
25
Jul
Jul
ISO 27001 Statement of Applicability A central component of becoming compliant with ISO 27001 is creating a Statement of Applicability (SoA). This is a document in which a vast number of controls (defensive policies, procedures, techniques and mechanisms) are considered, and the applicability of each one is weighed up against your organisation’s risks. While a […]
19
Jul
Jul
Not many companies anticipate being the focal point of a significant data breach incident. However, cybercriminals can infiltrate around 93% of businesses within an average of two days. In the third quarter of 2022 alone, approximately 150 million data records were compromised In today’s competitive business landscape, companies increasingly rely on data systems like cloud […]
13
Jul
Jul
“So, all we have to do to implement these 11 chapters containing 91 articles in 261 pages of data protection regulation and all our worries about our clients, staff and suppliers’ Personally Identifiable Information (PPI) will be over?” “Yes, that’s it.” “Jess how long have you worked here?” “Erm, 20 years since last spring. “ […]
10
Jul
Jul
Date: 10/07/2023 Link: The Hacker News Introduction We would like to bring to your attention a significant security breach that has affected Revolut’s payment systems. Malicious actors successfully exploited an unknown flaw within the system, resulting in the theft of over $20 million from the company’s funds. The incident occurred in early 2022 but has […]
07
Jul
Jul
In a world where the digital landscape keeps changing, how can we effectively protect our organisations from threats? This is a question with no one-size-fits-all answer as there are various tactics to protect your systems. However, we will be focusing on the use of black box penetration testing to identify weaknesses within your systems or […]