Author: Luke Irwin

Organisations that implement ISO 27001 must write a secure development policy. The requirements for doing this are outlined in Annex A.14 of the Standard: System acquisition, development and maintenance. In this blog, we explain how you can use ISO 27001’s guidelines to create your policy, and take a look at some of the controls you should implement. What is a secure development policy? A secure development policy is a set of rules that help organisations mitigate the risk of security vulnerabilities in development environments – i.e. the workspaces where organisations make changes to software and web applications without affecting the

The post How to create an ISO 27001 secure development policy – with template appeared first on IT Governance UK Blog.


Protecting your organisation against cyber attacks can sometimes feel like a never-ending game of security whack-a-mole. As soon as you’ve secured one weakness, another one appears. This can demoralise any organisation and make it believe that good information security practices are impossible. However, there is a solution – but it requires a different way of thinking. Organisations must stop reacting to each individual threat as it arises and instead build defences that can handle whatever cyber criminals throw at them. Doing that is simpler than it sounds. That’s because, as much as cyber criminals’ tactics evolve, they tend

The post 5 ways to improve your information security in 2021 appeared first on IT Governance UK Blog.


If your marketing agency is under the impression that cyber security is strictly an IT issue, you should think again. Effective security is a company-wide commitment, and marketers play one of the most crucial roles. Consider how much personal data you collect; if that information is lost or stolen, it will severely damage your customer relationships. In fact, a Ping Identity survey found that 78% of people would stop using an organisation’s online services if it had experienced a breach. So, what should marketing agencies do to reduce the risk of cyber attacks and protect their reputation? Here are our

The post A guide to cyber security for marketing agencies appeared first on IT Governance UK Blog.


In 2020, we recorded 1,120 breaches and cyber attacks that were reported on in mainstream media, which accounted for 20,120,074,547 leaked records. Compiling this information enables us to see how security incidents occur and the trends to look out for. Did you know, for example, that the number of disclosed incidents shot up in the second half of the year, showing the impact that COVID-19 has had on organisations? Or that there was a 50% increase in breached records compared to 2019? In this blog, we take a closer look at this data. You can also find a summary in

The post 2020 cyber security statistics appeared first on IT Governance UK Blog.


Denial-of-service (DoS) attacks are intended to shut down or severely disrupt an organisation’s systems. Unlike most cyber attacks, the goal isn’t to steal sensitive information but to make a service unavailable, typically by knocking the victim’s website or other online services offline. The attacker therefore usually doesn’t profit directly from the attack, but the loss of service can cost the victim up to £35,000. Why would an attacker be interested in doing this? Typically, it’s because they hold a grudge against the target – many DoS attacks are politically motivated – although some attacks are used as a smokescreen to distract the victim while the attacker launches a more sophisticated attack

The post What is a DoS (denial-of-service) attack? appeared first on IT Governance UK Blog.


We’re not going to lie: implementing an ISO 27001-compliant ISMS (information security management system) can be a challenge. But as the saying goes, nothing worth having comes easy, and ISO 27001 is definitely worth having. If you’re just getting started with ISO 27001, we’ve compiled this nine-step implementation checklist to help you along the way. Step 1: Assemble an implementation team Your first task is to appoint a project leader to oversee the implementation of the ISMS. They should have a well-rounded knowledge of information security as well as the authority to lead a team and give orders to

The post ISO 27001 checklist: a step-by-step guide to implementation appeared first on IT Governance UK Blog.


Cyber security risk assessments are essential for organisations to protect themselves from malicious attacks and data breaches. After all, it’s only once you’re aware of the ways you’re vulnerable that you can put appropriate defences in place. But what exactly does a risk assessment do? Essentially, it helps you answer these three questions: Under what scenarios is your organisation under threat? How damaging would each of these scenarios be? How likely is it that these scenarios will occur? To complete a risk assessment, you must give each scenario that you identify a ‘risk score’ based on its potential damage and

The post A brief guide to cyber security risk assessments appeared first on IT Governance UK Blog.


If there’s one certainty about cyber crime, it’s that criminals are always looking to acquire sensitive data. Whether you’re a small e-tailer with a handful of employees or a multinational, you must take steps to protect the valuable information you collect. In that regard, e-commerce is no different to a physical store that has CCTV cameras to monitor theft and security guards to catch shoplifters. But what is the cyber security equivalent, and what are the threats you need to look out for? We explain everything you need to know in this blog. What are the threats to e-commerce businesses?

The post A guide to cyber security for e-commerce businesses appeared first on IT Governance UK Blog.


No matter what size your organisation is, it will suffer a cyber attack sooner or later. There are simply too many malicious actors, and too many vulnerabilities for any organisation to identify and fix them all. Unfortunately, SMEs often fall into the trap of believing that they are too small to be on cyber criminals’ radars. Why would anyone even think to target you? But criminal hackers target vulnerabilities rather than specific organisations. They look for weaknesses – whether it’s a flaw in a piece of software or an unprotected database containing sensitive information – and exploit them in whatever way they can. That’s why

The post Cyber security statistics for small organisations appeared first on IT Governance UK Blog.


Information security policies are essential for tackling organisations’ biggest weakness: their employees. Everything an organisation does to stay secure, from implementing technological defences to physical barriers, is reliant on people using them properly. It only takes one employee opening a phishing email or letting a crook into the premises for you to suffer a data breach. Information security policies are designed to mitigate that risk by helping staff understand their data protection obligations in various scenarios. Organisations can have as many policies as they like, covering anything that’s relevant to their business processes. But to help you get started, here are five policies

The post 5 information security policies your organisation must have appeared first on IT Governance UK Blog.
