Cyber Security IT Governance UK

  • Cyber Defence in Depth: An Expert’s Overview
    by Adam Seamons on April 19, 2024 at 10:29 am

    Expert insight from our information security manager What is defence in depth? Why is it important? How does it work? And what are some practical examples of it? We put all these questions and more to information security manager Adam Seamons, who has more than 15 years’ experience working as a systems engineer and in technical support. He also holds CISSP (Certified Information Systems Security Professional) and SSCP (Systems Security Certified Practitioner) certifications. What is defence in depth? In very broad terms, defence in depth contains three layers: You can split these up further – into identify, protect, detect, respond The post Cyber Defence in Depth: An Expert’s Overview appeared first on IT Governance UK Blog.

  • Global Data Breaches and Cyber Attacks in 2024
    by Neil Ford on April 4, 2024 at 8:01 am

    30,578,031,872 known records breached so far in 8,839 publicly disclosed incidents Welcome to our 2024 data breaches and cyber attacks page, where you can find an overview of the year’s top security incidents, the most breached sectors of 2024, month-on-month trends, links to our monthly reports, and much more. Use the links in the ‘On this page’ section below to navigate. To get our latest research delivered straight to your inbox, subscribe to our free weekly newsletter, the Security Spotlight. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. We offer

  • An Expert Overview of CISM®
    by Soji Ogunjobi on April 4, 2024 at 7:59 am

    A Springboard to Career Success CISM® (Certified Information Security Manager) is a globally recognised qualification that provides a good understanding of IT security with a management flavour. But with so much in the news about AI, Cloud security and other niche areas of cyber security, it’s easy to overlook the importance of such solid, tried-and-tested qualifications in information security. Adesoji ‘Soji’ Ogunjobi is a cyber security specialist and instructor, with nearly two decades of experience as a cyber security professional and IT auditor. He also has an MSc in Information Technology, Computer and Information Systems, as well as CISM, CISSP,

  • The False Economy of Deprioritising Security
    by Kyna Kosling on March 20, 2024 at 3:07 pm

    In the UK, cyber security has been dropping down the board’s list of priorities. A 2022 Proofpoint study found that 76% of UK board members believed their organisation to be at risk of a material cyber attack in the next 12 months – higher than the global average of 65%. However, the 2023 edition of that study found that this had dropped to 44% in the UK, whereas the global average had climbed to 73%. The UK government’s Cyber Security Breaches Survey 2023 confirms this trend. Fewer directors, trustees and other senior managers of both UK businesses and charities see

  • Maintaining GDPR and Data Privacy Compliance in 2024
    by IT Governance Consultant on February 16, 2024 at 10:55 am

    Expert tips from Alan Calder Alan is the Group CEO of GRC International Group PLC, the parent company of IT Governance, and is an acknowledged international security guru. He’s also an award-winning author, and has been involved in developing a wide range of information security and data privacy training courses, has consulted for clients across the globe, and is a regular media commentator and speaker. We sat down to chat to him about industry challenges in 2024. There are still more than ten months to go in 2024. What challenges do you think we’ll see before the year ends? For

  • Your CVSS Questions Answered
    by IT Governance Consultant on February 9, 2024 at 10:22 am

    What the Common Vulnerability Scoring System is, how to use it, limitations and alternatives, and key changes in CVSS v4.0 Our senior penetration tester Leon Teale has more than ten years’ experience performing penetration tests for clients in various industries all over the world. In addition, he’s won hackathon events in the UK and internationally, and is accredited for multiple bug bounties. Previously, we’ve interviewed Leon about secure remote working and what the best VPN (virtual private network) solutions are. More recently, we got his insights into the ‘mother of all breaches’, which saw more than 26 billion records leaked.

  • Expert Insight: Adam Seamons on Zero-Trust Architecture
    by Adam Seamons on January 5, 2024 at 2:07 pm

    How networks have evolved and how to secure them Adam Seamons is the information security manager of GRC International Group PLC, after more than 15 years’ experience working as a systems engineer and in technical support. Adam also holds CISSP (Certified Information Systems Security Professional) and SSCP (Systems Security Certified Practitioner) certifications. We sat down to chat to him. What trends in network security have you noticed recently? One of the big impacts to networks has come from the changes in technology, particularly in terms of the Cloud. Networks have moved from self-contained, on-site setups to multiple Cloud services that

  • The Third-Party Threat for Financial Organisations
    by Kyna Kosling on December 22, 2023 at 9:00 am

    DORA’s supply chain security requirements IT Governance’s research for November 2023 found that 48% of the month’s incidents originated from the supply chain (i.e. were third-party attacks). For Europe, this number rises to 61%. Admittedly, it only takes a comparatively small number of supply chain attacks to skew the number of incidents. It’s in their nature for one attack to compromise potentially hundreds or even thousands of organisations. However, that doesn’t stop the numbers from being worrying. It can be challenging to secure your supply chain – organisations tend to simply trust that the products and services they use are

  • Sam McNicholls-Novoa on CyberComply
    by Kyna Kosling on December 20, 2023 at 6:10 pm

    Making compliance easy with our Cloud-based solution CyberComply is a Cloud-based, end-to-end solution that simplifies compliance with a range of cyber security and data privacy standards and laws, including ISO 27001, the GDPR (General Data Protection Regulation), and more. This SaaS (Software as a Service) will help you manage all your cyber security and data privacy obligations in one place. You will gain immediate visibility into critical data and key performance indicators, and stay ahead of regulatory changes. Recently, CyberComply has seen some major updates. But we’re not done yet – the development team is working hard behind the scenes

  • How to Recover From a Cyber Attack
    by Luke Irwin on June 27, 2023 at 8:36 am

    Cyber attacks are like earthquakes. There is the immediate shockwave when an incident occurs, as you hurry to identify the source of the breach, plug the vulnerability and fulfil your regulatory requirements. Then come the secondary waves that produce new problems. For example, how have essential operations been affected, and what are you doing to protect and restore your reputation? Organisations often overlook the damage that these lingering problems cause, and the consequences can be far more expensive than they bargained for. According to one report, organisations can spend £3.6 million or more recovering from security incidents. But without appropriate

Websitecyber related posts:

Internet Storm Centre Podcast

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast).

Security on TechRepublic

Security on TechRepublic News, Tips, and Advice for Technology Professionals.

Risky Business Cybersecurity

Risky Business News Regular cybersecurity news updates from the Risky Business team.

Microsoft AI Cybersecurity

Microsoft, extending a frenzy of artificial intelligence (AI) software releases, is introducing new chat tools that can help cybersecurity teams.

East Asia and the Pacific

East Asia and the Pacific United States Department of State

Physical

Physical Information and products for enterprise physical security executives.

Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organisation dedicated to defining and raising awareness of best practices to help ensure a secure clou...

Data Breaches Continue to Skyrocket

Data breaches have become a regular occurrence in today's digital world, and unfortunately, they are only increasing in frequency and severity.

Arms Proliferation and Control

RAND Research Topic Arms Proliferation and Control

McAfee Advanced Threat Research Demo Chamberlain MyQ

This video demonstrates advanced threat research and how an attacker could jam radio frequency signals to manipulate the state of a connected garage door.

Netcraft Cyber Security News

Cyber security news from Netcraft.

The Tripwire Cybersecurity Podcast

Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats.