Selling Penetration Testing to the Board

cyber security, pen testing

Know your vulnerabilities before cyber criminals discover them. June and July saw a spike in cyber attacks on organisations of all sizes, including Domino’s Pizza, Code Spaces, the World Cup websites, StubHub, CNET and – perhaps ironically – the Get Safe Online website. We expect to see this continue in August as attackers leverage high […]

Three solutions to Cyber Essentials certification


The UK Government’s Cyber Essentials scheme provides a set of five controls that organisations can implement to achieve a baseline of cyber security, against which they can achieve certification in order to prove their compliance. IT Governance is supporting the Government’s request to make Cyber Essentials certification as easy and inexpensive as possible. In fact, […]

Which service management functions and processes are the most confusing?

Service management functions and processes are pretty straightforward for the most part, but there are always certain ones that people get stuck on. The usual suspects are Configuration Management, Application Management, Service Portfolio Management, Change Management, Problem Management and Incident Management. Some people find these functions and processes a breeze, but many find them hard […]

Enterprise service management: why reinvent the wheel?

I was reading the minutes of a recent AXELOS© ATO roundtable event held in San Francisco, and a term that came up during the event was ‘enterprise service management’. Several questions immediately came into my mind. What is enterprise service management, and what exactly does it involve? Googling the term didn’t deliver any results. I […]

eBay has suffered a security breach for the second time this year


Update 23/07/2014 16:15: The company detected the unauthorised transactions last year, contacted authorities and gave the affected customers refunds and help changing their passwords. It’s unclear whether the digital prowlers then exploited their access to scoop up more information from the compromised accounts. The company and the law enforcement official wouldn’t give further details. – This […]

Are you an e-commerce merchant that doesn’t store any cardholder data? You may need a penetration test.


Among the numerous changes introduced by the PCI DSS v3, two new self-assessment questionnaires (SAQs) have seen the light in 2014: B-IP and A-EP. B-IP is aimed at small- and medium-sized merchants that use standalone, IP-connected terminals (rather than a phone line), even though the merchant does not store electronic cardholder data. The other SAQ […]

Online Scammers Take Advantage of the MH17 Situation

Uncompassionate scammers are at it again, and this time they’re exploiting the MH17 plane crash. Tweets, Facebook posts and even a Facebook page have been created to fool users into thinking they’re being shown content relating to the situation, but which either redirect users to a pornographic site or ask for personal information. Online security […]

Why you have probably been the victim of a data breach and just don’t know it.


Most people think of data breaches in terms of a hacker gaining access to a network and stealing thousands – if not millions – of people’s personal information. Many breaches don’t follow this template, however: they are small and non-technical in nature. Many breaches occur due to simple human error. Let me give you some […]

Four Reasons Why Your Organisation Needs Cyber Essentials


The UK Government’s Cyber Essentials scheme (CES) is rapidly gaining interest from organisations across the country. The scheme – designed to make Britain the safest place to do business online – has already been implemented by companies like Barclays, Nexor and Databarracks. 80% of cyber attacks can be prevented by basic cyber security hygiene, which […]

10 Minutes with… ITGP author Andy Nichols

In our latest author interview, we meet Andy Nichols, author of Exploding the Myths Surrounding ISO9000 – A Practical Implementation Guide, and talk about quality management and certification. ITGP: Thanks for speaking to us Andy. Let’s begin with your book. Most books on ISO9000 only cover the rules and requirements of ISO9000 and how you […]