Should You Conduct Red Team Testing Without a Blue Team?


We often hear the question: “Should we perform Red Team Testing without a Blue Team?” The answer is yes. Let’s explain that answer by starting with a reminder of the objective of performing Red Team Testing – to verify the effectiveness of the security controls implemented in the organisation’s people, process, facilities and technology. […]

ISO 27001 vs SOC 2: Apples and Oranges

ISO 27001 and SOC 2

What’s the difference between ISO 27001 and SOC 2? Good question. SOC 2 is becoming increasingly popular as more and more service providers are being asked for tangible evidence that the services they provide are trustworthy and resilient. This is a direct result of the recent dramatic rise in cyber breaches sourced to the […]

What’s a Mature Security Awareness Programme?

Security Awareness Programme

Good news. Bad news. The bad news is that cyber security threats to businesses are increasing exponentially every day. But then, you already knew that. The good news is that the best defence against these ever-growing threats is already at work in your business – your staff. In 2019, 60% of the breaches that occurred […]

Risk Crew