-
The Importance of Ensuring Supply Chain Security
Many aspects of the business world are interlinked by technology. But while this brings huge benefits in efficiency and convenience, it also poses the risk of falling victim to a cyber threat. Businesses are dependent on suppliers to deliver services, goods and systems. This can result in a complex supply chain which, in turn, makes it hard to ensure supply chain security because…
-
Improving the Business with DevOps & SecOps Alignment
DevOps efficiency brings with it reproducible and therefore auditable processes. Encouraging DevOps and SecOps to collaborate will bring improvement and alignment. We can ensure that our security requirements are embedded in the application and environment. As well as satisfying business sponsors, this provides…
-
The Breach Detection Stack
Preventing breaches is increasingly difficult, so there’s renewed interest in breach detection technology that identifies breaches after they occur and aims to minimise the impact and fix the problem. This relies on a mixture of analysis and intelligence. In the past, attackers have…
-
Reviewing the SOC Architecture
When reviewing the SOC Architecture, the organisation will need solutions that will help build all four pillars of its breach detection stack to deliver an effective cyber defence capability. If there are serious issues, gaps, or inherited ‘tooling sprawl’ within an existing SOC Architecture then the need to…
-
Effective Third Party Security Contracts
The rise of outsourcing and strategic business partnerships, together with the increased use of third parties to provide cloud-based data storage and applications, carries major security risks for organisations. Here we look at how risks arise, what kind of cybersecurity professionals an organisation should have on board, and how…
-
Shifting Security Left
Many organisations have embraced Agile as a development methodology. Its potential for innovation, continuous delivery and risk reduction is compelling. Also gaining traction is DevOps, combining the development and operations phases. However, both disciplines are…
-
Addressing Technical Debt
Repaying technical debt is more than just understanding how to fix it. It’s championing the need for the work in competition with other priorities. It’s improving development processes, so that developers are less likely to incur it due to lack of knowledge or carelessness. Finally, it’s about…
-
Offshored & Shadow IT Risk Management
The relationship between ‘Procurement’ and ‘Security’ is an often-overlooked factor in determining the amount of ‘flowed down’ security issues in the delivery pipeline and in operations. Security Consultants are often called upon to formulate tactical mitigation strategies for issues that could have been easily avoided if the Security Contract Schedules and SLAs included…
-
Cloud Risk Management
The underlying philosophy of cloud-first is that organisations must initially evaluate the stability of cloud computing to address emergent business requirements before considering other alternatives. The primary benefits stem from the ability to leverage a wide range of services without having to make a major investment in physical infrastructure. This can strengthen…
-
Impacts of Enterprise Change on Cyber Capability
To remain current, viable and relevant, organisations need to be prepared to adapt and respond to new cyber capability, but persuading stakeholders and people of influence within the company isn’t necessarily easy. People tend to be resistant to change, so as the ISM, you will need to…
-
The New Information Security Manager First 30 Days
Congratulations, you are the new Information Security Manager. Now it’s time to get on with the job in hand. As with any new role there will be a lot of work to do. So where should you focus in your first 30 days to ensure you set yourself up for success?…
-
Mid Market Security Concerns
What can mid-market companies do to protect themselves and ensure that they don’t get caught out? The first step is to understand what information they hold and why, where and how they do so. This means conducting an audit of systems so that…