Cyber Essentials – Internal and External Security Assessments Explained


During one of IT Governance’s latest events we discussed the upcoming Cyber Essentials scheme. While the requirements of the scheme and its business implications were covered by the speakers, a considerable number of people have approached me with technical questions relating to the scans mandated by the new scheme. Cyber Essentials defines two […]

Cyber Essentials 2 – what the delegates learned about the scheme and why it really is necessary


Cyber Essentials 2 attracted organisations from the smallest SMEs to FTSE 100 enterprises – all with a mission to investigate and, if possible, learn how to achieve a CES badge. Among the delegates, there was general agreement that tackling cyber crime through the adoption of IT security controls was a pretty good thing. Naturally enough, […]

Selling Penetration Testing to the Board


Know your vulnerabilities before cyber criminals discover them

June and July saw a spike in cyber attacks on organisations of all sizes, including Domino’s Pizza, Code Spaces, the World Cup websites, StubHub, CNET and – perhaps ironically – the Get Safe Online website. We expect to see this continue in August as attackers leverage high […]

Three solutions to Cyber Essentials certification


The UK Government’s Cyber Essentials scheme provides a set of five controls that organisations can implement to achieve a baseline of cyber security, against which they can achieve certification in order to prove their compliance. IT Governance is supporting the Government’s request to make Cyber Essentials certification as easy and inexpensive as possible. In fact, […]

Which service management functions and processes are the most confusing?

Service management functions and processes are pretty straightforward for the most part, but there are always certain ones that people get stuck on. The usual suspects are Configuration Management, Application Management, Service Portfolio Management, Change Management, Problem Management and Incident Management. Some people find these functions and processes a breeze, but many find them hard […]

Enterprise service management: why reinvent the wheel?

I was reading the minutes of a recent AXELOS© ATO roundtable event held in San Francisco, and a term that came up during the event was ‘enterprise service management’. Several questions immediately came into my mind. What is enterprise service management, and what exactly does it involve? Googling the term didn’t deliver any results. I […]

eBay has suffered a security breach for the second time this year


Update 23/07/2014 16:15: The company detected the unauthorised transactions last year, contacted authorities and gave the affected customers refunds and help changing their passwords. It’s unclear whether the digital prowlers then exploited their access to scoop up more information from the compromised accounts. The company and the law enforcement official wouldn’t give further details. – This […]

Are you an e-commerce merchant that doesn’t store any cardholder data? You may need a penetration test.


Among the numerous changes introduced by PCI DSS v3, two new self-assessment questionnaires (SAQs) were introduced in 2014: B-IP and A-EP. B-IP is aimed at small and medium-sized merchants that use standalone, IP-connected payment terminals (rather than a phone line) and do not store electronic cardholder data. The other SAQ […]

Online Scammers Take Advantage of the MH17 Situation


Uncompassionate scammers are at it again, and this time they’re exploiting the MH17 plane crash. Tweets, Facebook posts and even a Facebook page have been created to fool users into thinking they’re being shown content relating to the situation, but which either redirect users to a pornographic site or ask for personal information. Online security […]

Why you have probably been the victim of a data breach and just don’t know it.


Most people think of data breaches in terms of a hacker gaining access to a network and stealing thousands – if not millions – of people’s personal information. Many breaches don’t follow this template, however: they are small and non-technical in nature. Many breaches occur due to simple human error. Let me give you some […]