If you work in cybersecurity governance, risk and compliance (GRC), chances are you’ve been asked to run rapid risk assessments. The story is often the same: you are going about your day when suddenly a manager asks you to run a security risk assessment for a new tool or project. Unsurprisingly, deadlines are often tight as everything stops while stakeholders wait for security approval. When this happens, how can we deliver risk assessment as fast as possible?

An ISO 27001 Information Security Management System (ISMS) landing page is a resource that provides information about an organisation’s ISMS. It can be used to educate employees about information security, communicate the organisation’s commitment to information security, and demonstrate that the organisation is meeting the requirements of ISO 27001.

Creating a good landing page is not at all complicated: a few simple building blocks are needed and the trick is to know what ISMS pages to include within the different sections of the landing page.

Penetration testing assessments are essential for companies to identify and resolve security vulnerabilities in their systems and applications. By proactively identifying exploitable weaknesses, software development teams can fix security issues before they become an issue.

However, penetration testing assessments are only half the battle. Remediating security issues on time, effectively and in an auditable manner is the other half. For security teams and upper management, measuring the remediation of penetration testing findings is essential for assessing the effectiveness of a company’s security posture.

Writing documentation is hard. However, writing awesome documentation is even harder. The challenge is that security teams need good documentation more than any other technical discipline.

The primary reason is that people come and go and it is impossible to replace knowledge without documentation. Secondly, you need to justify what you are doing to the business. When the next audit comes you need to describe what you do and prove you do it. Third, security teams are constantly firefighting and good documentation can make a great difference during incident response.