How to prepare and write an SSP (System Security Plan) for business cyber continuity
The CMMC 2.0 certification process requires that you generate and follow an SSP (System Security Plan). But that is not what you should start with! Look at the graph below. Your first step is to identify all risks as per NIST […]
Image credit: https://github.com/Orange-Cyberdefense/arsenal
Active Directory is responsible for authorisation, authentication and privilege control as the core of most organisations’ IT infrastructure. And the image above is how a hacker sees it – the mind map is specifically called “Pentesting Active Directory,” created by an organisation specialising in attacking Active Directory the same way a hacker […]
This article clarifies some of the terminology and processes around getting your SOC 2 Type 1 and Type 2 reports if you are a SaaS company. What is SOC 2? SOC stands for “service organization controls.” SOC 2 is a reporting framework developed by AICPA. It is not a security framework; AICPA sets the criteria, […]
It’s not just large corporates who fall victim to cyber-attacks. Far from it. SMEs are increasingly targeted, often with serious consequences for their clients as well as the firm’s reputation.
“Everyone has a plan until they get punched in the face.” – Mike Tyson
Not an everyday occurrence, but certainly a reality experienced or heard of, and perhaps ongoing within your organisation as you read this.
“An investment in knowledge pays the best interest.” – Benjamin Franklin
“Everybody has to pay attention to the digital revolution.” – David Bonderman
“Everything you can imagine is real.” – Pablo Picasso
“Every once in a while, a new technology, an old problem, and a big idea turn into an innovation.” – Dean Kamen
“Never trust a computer you can’t throw out a window.” – Steve Wozniak, co-founder of Apple