IT Governance UK Blog Protect – Comply – Thrive
- The 6 CCSP Domains Explained by Sian Bentley-Magee on October 30, 2024 at 12:11 pm
The CCSP (Certified Cloud Security Professional) certification was launched in April 2015 and last updated in August 2022. (ISC)² developed CCSP to address the growing need for Cloud security professionals and the rapidly escalating use of Cloud services.
What are the 6 CCSP domains?
| CCSP domain | Weighting |
| --- | --- |
| 1. Cloud Concepts, Architecture and Design | 17% |
| 2. Cloud Data Security | 20% |
| 3. Cloud Platform & Infrastructure Security | 17% |
| 4. Cloud Application Security | 17% |
| 5. Cloud Security Operations | 16% |
| 6. Legal, Risk and Compliance | 13% |
While the first domain doesn’t hold the highest weighting, it’s critical to understanding all other domains. Although you could
The post The 6 CCSP Domains Explained appeared first on IT Governance UK Blog.
- GDPR: International Data Transfers Using the IDTA, SCCs or BCRs by Natalie Whitney on October 28, 2024 at 2:48 pm
The UK and EU GDPR (General Data Protection Regulation) restrict transfers of personal data outside the UK and EU respectively. Consequently, you must put an appropriate mechanism or safeguard in place to transfer personal data internationally, such as: Let’s take a closer look at these mechanisms, and when and how to use them. In this blog What are SCCs and the IDTA? Article 46(2)(c) of the EU GDPR allows for “standard data protection clauses adopted by the Commission”. These are your ‘SCCs’ or ‘standard contractual clauses’. Post-Brexit, the UK introduced its own version of these model contractual clauses: the
- Strategies for Securing Your Supply Chain by Kyna Kosling on October 23, 2024 at 2:31 pm
What to do when your ‘supply chain’ is really a ‘supply loop’ When I asked Bridget Kenyon – CISO (chief information security officer) for SSCL, lead editor for ISO 27001:2022 and author of ISO 27001 Controls – what she’d like to cover in an interview, she suggested supply chain security. I asked her whether she was thinking about the CrowdStrike incident (which happened just a few weeks prior). Bridget responded: “Not specifically. To be honest, supply chain security has been a perennial problem.” I sat down with her to find out more. In this interview Challenges of supply chain security
- How to Meet the NCSC’s 14 Cloud Security Principles by IT Governance on October 21, 2024 at 1:42 pm
Guidance for conducting your due diligence when outsourcing to a Cloud service provider With flexible working now the norm – including remote working – many organisations rely on Cloud services to access confidential data. But whenever organisations adopt such technological solutions, they must acknowledge the risks that come with it. To name but one challenge: the Cloud inherently permits access from anywhere in the world. So, how do you restrict that access to authorised users only? To mitigate such security risks, the NCSC (National Cyber Security Centre) established 14 Cloud security principles. These can help guide your due diligence checks when vetting
- The Insider Threat: Strategies to Safeguard Against Malicious Insiders by Kyna Kosling on October 16, 2024 at 8:52 am
Your biggest security threat may be hiding in plain sight: your employees. No business can operate without trusting its people. Without access to confidential information and essential systems, staff can’t perform their roles. But if an insider turns malicious, regardless of their motivation, they can significantly damage your organisation. After all, their account is supposed to have access to sensitive data! So, how can your organisation protect itself from malicious insiders? Our head of security testing, James Pickard, explains. In this interview Insider threat vs insider risk Do you consider accidental breaches caused by staff, like clicking a phishing link,
- GDPR: Data Subject Rights and Organisations’ Responsibilities by Helen Pettit on October 14, 2024 at 3:20 pm
The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data. Organisations must let individuals know how they can exercise these rights, and meet requests promptly. Failure to do so is a violation of the GDPR and could lead to disciplinary action. But first, what is a data subject?
- Free Expert Insights: Index of Interviews by Kyna Kosling on October 11, 2024 at 2:27 pm
We regularly sit down with experts from within GRC International Group to get their insights on a technical topic or business area. Here are all our Q&As to date, grouped by broad topic: To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight. Last updated: 11 October 2024. Interviews added: Andrew Snow on accountability under the GDPR (data privacy); Judith Eis on how to navigate privacy and data protection challenges in 2025 (data privacy); Damian Garcia on how to overcome 3 common ISO 27001 implementation challenges (ISO 27001); and Richard Bingley on
- 3 ISO 27001:2022 Controls That Help Secure Your Cloud Services by IT Governance on October 9, 2024 at 10:43 am
Cloud computing is a key tool for business everywhere: In short, you gain access to technical services and functions you may not have internally. Particularly for smaller organisations, this brings huge benefits. For one, you can access your information from anywhere. The trouble is – how do you restrict that access to authorised users only? Plus, Cloud environments are increasingly complex. This increases your attack surface and makes vulnerabilities more likely. To protect data in the Cloud, you must take the same kinds of precautions as you would with information held elsewhere. That means implementing appropriate controls. Which controls, you ask?
- How Do You Demonstrate Accountability Under the GDPR? by Kyna Kosling on October 8, 2024 at 2:41 pm
A simple approach to GDPR accountability with ROPAs (includes template!) The GDPR (General Data Protection Regulation) outlines seven key principles relating to the processing of personal data. These are often referred to as ‘data protection principles’ or ‘data processing principles’. The principles are: Among organisations that believe themselves GDPR compliant – and among those that don’t – accountability is often the weak link. In this blog What does ‘accountability’ mean under the GDPR? The GDPR says in Article 5(2) that data controllers must be able to demonstrate compliance with the other six principles. Though the GDPR doesn’t give a formal
- Security Risks of Outsourcing to the Cloud: Who’s Responsible? by IT Governance on October 3, 2024 at 2:16 pm
Cloud computing is a key tool for organisations, offering a wealth of opportunity to extend IT capabilities and take advantage of innovations. As more organisations move to remote or hybrid working, Cloud services are more valuable than ever. However, innovation comes with risk. In this blog Security challenges of the Cloud During the COVID-19 lockdowns, IT teams were under pressure to integrate existing networks with Cloud services, implementing remote-working solutions and technologies hastily. Further reading: Senior penetration tester Leon Teale gives his top security tips for remote working in this interview. And as infrastructures become more complex, often in a