What is Threat Intelligence?

By |2024-06-10T11:22:40+01:00June 10th, 2024|Cyber Security, Information Security, ISO 27001 Controls|

What is Threat Intelligence? Very simply put, threat intelligence is the ways and means of finding out about new cyber threats globally and working out whether they are relevant to your organisation. We all know that cyber attackers are continually growing new ways to threaten businesses and gain an advantage whether that is through access to data or financial information. All organisations should have methods in place to support their threat intelligence framework. This can be something as simple as signing up for newsletters from respected [...]

ISO27001 – Control 5.7 – Threat Intelligence

By |2024-04-26T17:58:33+01:00April 26th, 2024|Cyber Security, Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.7 - Threat Intelligence Control Information relating to information security threats should be collected and analysed to produce threat intelligence. What this means Organizations should gather and analyze information about security threats to understand the risks they face. This "threat intelligence" can help them take appropriate actions to prevent attacks or reduce the impact of an attack. Threat intelligence has three levels: Strategic - High-level information about the overall landscape of threats and attackers Tactical - Details on the methods, tools, and technologies [...]

ISO27001 – Control 5.6 – Contact with Special Interest Groups

By |2024-04-11T14:58:45+01:00April 15th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.6 - Contact with Special Interest Groups Control The organization shall establish and maintain contact with special interest groups or other specialist security forums and professional associations. What this means As an organization, it's important to establish and maintain contact with special interest groups, security forums, and professional associations related to information security. Why is this important? The goal is to ensure there is an appropriate flow of information when it comes to information security. How can you do this? Here are some [...]

Embracing Least Privilege for Stronger Information Security

By |2024-03-29T12:00:15+00:00April 1st, 2024|Cyber Security, ISO 27001 Controls|

Embracing Least Privilege for Stronger Information Security The principle of least privilege is a fundamental concept in information security that aims to restrict user access rights to only what is essential for performing their job role. By granting users the minimum level of access necessary, organisations can significantly reduce the risk of accidental or intentional misuse of sensitive data and systems. Least Privilege requires software and folders to be managed in a way that each user's access can be restricted to that information that they need [...]

Bring Your Own Device (BYOD) – The risks and rewards

By |2024-02-23T09:48:44+00:00January 23rd, 2024|Cyber Security, Information Security|

Bring Your Own Device (BYOD) is a popular policy where employees use personal devices for work. This typically means using personal smartphones or laptops to access company systems and data. While convenient, BYOD introduces cybersecurity risks that organisations must address. Failure to secure personal devices puts sensitive company information at risk. When employees access internal systems on insecure devices outside the corporate network, businesses lose control of that data. Without proper BYOD policies and controls, unauthorised users could access sensitive information if a device is lost, [...]

What is ISO27001 in the UK?

By |2024-02-23T13:12:18+00:00November 9th, 2023|ISO27001 Implementation|

What is ISO27001 in the UK? ISO27001 is the international standard (ISO) for Information Security Management Systems (ISMS). ISO 27001 has become one of the most widely adopted international standards for managing information security. It outlines the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). An Information Security Management System does what is says on the tin. It is designed to protect business information and ensure the Confidentiality, Integrity and Availability of business information. Confidentiality, Integrity and Availability are the [...]

Go to Top