Security Controls

Biden’s Executive Order – A cloud migration to make the moon landing look simple

Leave a Comment / Security Controls / By Stefan Sokolowski

On the 22nd May 2021, President Joe Biden signed an executive order to improve the national cybersecurity posture. Section 2 of the Executive order was all about sharing threat and incident data between government and service providers. Section 3 takes Government Agency IT by the scruff of the neck and looks to drag it into …

Biden’s Executive Order – A cloud migration to make the moon landing look simple Read More »

Biden’s Cyber Executive Order – One SIEM to rule them all?

Leave a Comment / Security Controls / By Stefan Sokolowski

I started off looking to write a summary of the Cyber Resilience Executive Order released on the 12th May 2021 by President Biden. Unfortunately, this is a must larger task than first envisaged. There is a huge amount of material condensed into a single document. The document is long and dense (but dense in the …

Biden’s Cyber Executive Order – One SIEM to rule them all? Read More »

Principle & Prudence – the conservative approach to cyberattacks

Leave a Comment / Data breach, Security Controls / By Maria Sokolowska

The Storting, the Norweigan Parliament, was targeted in a cyberattack in September 2020. Emails of MP’s and members of staff were hacked. Measures have been taken, and the incident reported to the police.
Looking online for further information, what stands out is the uniformity of the response.

A review of the CMMC v1.0

Leave a Comment / Security Controls, Third Party Security Assurance / By Stefan Sokolowski

After giving CMMC v0.4 a bit of a butchering in September of last year, I thought it only fair to revisit the Cybersecurity Maturity Model Certification being proposed by the US DoD, that all third party contractors will have to adhere to from June 2020. I have to say I am pleasantly surprised with the …

A review of the CMMC v1.0 Read More »

ENISA’s Online Platform for Security of Personal Data Processing

Leave a Comment / ISO 27701, Security Controls / By Stefan Sokolowski

In December 2019, ENISA released an online platform to help Data Controllers and processors with the security controls applicable to personal data processing. The platform looks to tie together ISO 27001, ISO 27005, the GDPR requirements and some principles from ISO 27701, to provide a link between high-risk personal data processing and the security controls …

ENISA’s Online Platform for Security of Personal Data Processing Read More »

Create a Cyber Incident Plan from scratch

Leave a Comment / Incident Plans, Security Controls / By Stefan Sokolowski

You have been told you need to create a cyber incident response plan and I don’t know where to start. Many companies do not currently have a cyber incident response plan (link to survey), so it is likely that there are quite a few out there that are trying to get to grips with writing …

Create a Cyber Incident Plan from scratch Read More »

America’s Data at Risk

Leave a Comment / Security Controls / By Stefan Sokolowski

On 25th June 2019, a report was published by the Permanent Subcommittee on Investigations of the US Senate on the state of cybersecurity within eight key Federal Agencies. This report has received little global coverage given the scale of the findings within its 95-pages. The findings make for scary reading for the U.S. Government and all …

America’s Data at Risk Read More »

Basic Security Controls for SMEs

Leave a Comment / Security Controls / By Stefan Sokolowski

If you are a Small to Medium Enterprise (SME) working for a bigger organisation as a third party, how do you comply with your security obligations as per the contract, but not spend a fortune on security tools? In the UK, the National Cyber Security Centre (NCSC) has come out with Cyber Essentials, as a …

Basic Security Controls for SMEs Read More »