Cyber Security Archive
In April, there will be a major change to the way the Cyber Essentials scheme is administered. From 1 April 2020, in a move to standardise the requirements for Cyber Essentials certification, the National Cyber Security Centre (NCSC) will drop …
As part of their ISO 27001 compliance, organisations must conduct management reviews to address any emerging information security trends and to ensure that their ISMS (information security management system) works as intended. Unfortunately, there’s a mistaken belief that the review …
While most of us spent New Year’s Eve celebrating, the IT department at Travelex was grappling with a ransomware virus that was spreading through its systems. Almost two weeks on, the currency exchange service is finally starting to restore its …
Stock up on sprouts, hang the decorations and prepare for a barrage of cyber attacks, because the Christmas season is in full swing. December is a busy time for cyber criminals, as they look to take advantage of understaffed IT …
If you’re planning to implement an ISMS (information security management system), you’ll need to document the scope of your project – or, in other words, define what information needs to be protected. There will almost certainly be more information and …
As part of your ISO 27001 certification project, your organisation will need to prove its compliance with appropriate documentation. ISO 27001 says that you must document your information security risk assessment process. Key elements of the ISO 27001 risk assessment …
Throughout October, cyber security experts have been helping Europeans understand the importance of effective information security practices as part of Cyber Security Month. The campaign may be drawing to a close, but there is still plenty you can do to …
One of cyber criminals’ favourite ways of hacking organisations is through brute-force or ‘password spraying’ attacks, which bombard targets with login attempts using lists of common passwords.. It’s so much easier to access a site or service using someone’s login …
Technology can only do so much to protect an organisation from data breaches. That’s why Requirement 12 of the PCI DSS (Payment Card Industry Data Security Standard) instructs organisations to implement policies and procedures to help staff manage risks. Employees …
Online retailers and other organisations using ecommerce functionality must prepare for the threat of formjacking, Symantec has warned, after detecting 3.7 million instances of the attack method in 2018. Formjacking works by inserting malicious JavaScript code into the payment form …
