Risk Management & Reporting

Security Audits 2020 Style

Traditionally, security audits have been imposed on organisations by third party assessors, either for regulatory or compliance purposes and may result in significant findings that indicate security vulnerabilities, issues or deficiencies that require attention. For many, audits are activities on their annual compliance roadmap, often causing frenetic activity before the assessment start date, then bated breath while the assessor scrutinises systems and controls. For external compliance, and based on where this approach originated, annual financial auditing is suitable; however, applying this approach to cybersecurity leaves businesses exposed to unnecessary information risk.

Read More

Cyber Hygiene equals Cyber Resilience

Cyber hygiene is a relatively new term to describe the basic security practices everyone should be doing to ensure their organisation remains safe from common security threats. Yet even these most basic security controls are often neglected or not implemented correctly, unduly leaving the business exposed to risks they could easily counter.

Read More

CMMC – Monitoring Privileged Users

This blog post “CMMC – Monitoring Privileged Users” is the ninth in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.

Read More

Cyber Maturity Assessments in 2020 and beyond

Cyber maturity assessments provide vital insights into an organisation’s ability to protect its information assets and defend itself against cyber threats.  However, they are time consuming, labour intensive and often difficult to execute – particularly when most staff are working from home and site visits are restricted. This blog post explores the elements of the process that present the biggest challenges and how security audit technology can help you overcome them.

Read More
1 2 3 5