Running effective incident simulations is an incredibly challenging task. Security teams often run at maximum capacity and have limited time for non-essential activities. This is especially true with data breach simulations. Security teams focus most energies on detecting and responding to malicious network activities occuring early during attacks. In this context, data breaches typically are the end result, rather than the trigger, of a successful network compromise. Because of these constraints and considerations, data breach simulations must perfectly balance planning efficiency, realism and value generation - fortunately, by using a few simple tricks, this balance is generally achievable for most security teams.

If you work in cybersecurity governance, risk and compliance (GRC), chances are you’ve been asked to run rapid risk assessments. The story is often the same: you are going about your day when suddenly a manager asks you to run a security risk assessment for a new tool or project. Unsurprisingly, deadlines are often tight as everything stops while stakeholders wait for security approval. When this happens, how can we deliver risk assessment as fast as possible?

An ISO 27001 Information Security Management System (ISMS) landing page is a resource that provides information about an organisation’s ISMS. It can be used to educate employees about information security, communicate the organisation’s commitment to information security, and demonstrate that the organisation is meeting the requirements of ISO 27001.

Creating a good landing page is not at all complicated: a few simple building blocks are needed and the trick is to know what ISMS pages to include within the different sections of the landing page.

Penetration testing assessments are essential for companies to identify and resolve security vulnerabilities in their systems and applications. By proactively identifying exploitable weaknesses, software development teams can fix security issues before they become an issue.

However, penetration testing assessments are only half the battle. Remediating security issues on time, effectively and in an auditable manner is the other half. For security teams and upper management, measuring the remediation of penetration testing findings is essential for assessing the effectiveness of a company’s security posture.