How to write your own SSP (System Security Plan)

How to prepare and write an SSP (System Security Plan) for business cyber continuity. The CMMC 2.0 certification process requires that you generate and follow an SSP (System Security Plan). But that is not what you should start with! Look at the graph below. Your first step is to identify all risks as per NIST […]

Is your Active Directory in urgent need of attention?


Image credit: https://github.com/Orange-Cyberdefense/arsenal Active Directory is responsible for authorisation, authentication and privilege control as the core of most organisations’ IT infrastructure. And the image above is how a hacker sees it – the mind map is specifically called “Pentesting Active Directory,” created by an organisation specialising in attacking Active Directory the same way a hacker […]

How to obtain a SOC 2 Type 1 or Type 2 report for SaaS companies

This article clarifies some of the terminology and processes around getting your SOC 2 Type 1 and Type 2 reports if you are a SaaS company. What is SOC 2? SOC stands for “service organization controls.” SOC 2 is a reporting framework developed by AICPA. It is not a security framework; AICPA sets the criteria, […]

Cyber Attacks

“Everyone has a plan until they get punched in the face.” – Mike Tyson
Not an everyday occurrence, but certainly a reality experienced or heard of, and perhaps ongoing within your organisation as you read this.

Alternative Tech

“Everybody has to pay attention to the digital revolution.” – David Bonderman

The Business of Law

“Every once in a while, a new technology, an old problem, and a big idea turn into an innovation.” – Dean Kamen

Accounting for Cloud

“Never trust a computer you can’t throw out a window.” – Steve Wozniak, co-founder of Apple