ISO 27001 Penetration Testing Common Questions

ISO 27001 Penetration Testing

A common question that comes up when implementing ISO 27001 is: Should I include security penetration testing in my Information Security Management System (ISMS) programme to comply with the standard and meet auditor expectations? The short answer is: Yes, testing will show proof that your ISMS is compliant with ISO 27001 standard controls. Why? Because […]

How a Ransomware Readiness Assessment Can Help Your Business Stay Safe

prepare for ransomware

Ransomware is a type of malware that encrypts files and then seeks payment in exchange for the encryption key.  A ransomware readiness assessment is an audit that businesses can undergo to determine their risk level for ransomware. The assessment will help you identify which areas of your organisation are at the highest risk for attack […]

Get ISO 27001 Tips to Jump the Hurdles of Compliance

How-To-Get-ISO-27001

When looking to embark on achieving ISO 27001 Compliance, every organisation should know what challenges are ahead, in order to overcome them. It doesn’t have to be that hard if you know the hurdles. Risk Crew would like to share some tips to jump the hurdles when it comes to building your Information Security Management […]

ISO 27001 Compliance Checklist: The Documentation Required

Man with lots of documents on his desk

Documenting your information security management system (ISMS) for evidence of compliance with the ISO 27001:2022 standard can be confusing as it is not clear which documents are mandated and which are discretionary. Consequently, most of us overcompensate and produce far more paperwork than we need causing redundant and conflicting policies to confuse our stakeholders, staff […]

Vulnerability Alert: Heap Buffer Overflow in WebRTC

Risk Rating: HIGH Affected Products: Google Chrome Affected Version:Versions previous to 103.0.5060.114 Patched Version: 103.0.5060.114 Vendor: Google Date: 01/07/2022 Introduction: A zero-day vulnerability was identified and disclosed to Google that affects the WebRTC (Web Real-Time Communications) component within the browser, which allows for exploitation of a Heap Buffer Overflow vulnerability. Technical details are limited at […]

What are the Different Types of Penetration Testing?

If you’re considering a penetration test to identify and fix vulnerabilities within your business, you might not know which type of pen test is best for you. In this article, we explore the types of penetration testing available, and what they are best for. What are the Different Types of Penetration Testing? Risk Crew offers […]

Red Team Vs Blue Team – What’s the Difference?

With the ever-increasing threat of data breaches for many organisations, testing your security systems is the only way to find vulnerabilities. When discussing cyber security tests, the terms “Red Team” and “Blue Team” are often mentioned. In this article, we will cover what the two teams are, their roles and how they work together to […]

How Do You Conduct an Information Security Risk Assessment?

Information security risk assessments are crucial for any businesses that deal with any sensitive information that could potentially cause harm if accessed, shared, modified, or deleted. In this article, we cover how your business can benefit from a security risk assessment, how they are conducted, and how you can use the assessment findings to improve […]

Vulnerability Alert: CVE-2022-21449 – Psychic Signatures

Risk Rating: HIGH   Affected Product: Java SE & Oracle GraalVM Enterprise Edition product of Oracle Java SE  Affected Version: Versions 15, 16, 17 & 18, Oracle GraalVM Enterprise Edition: 21.3.1 & 22.0.0.2  Patched Version: April 2022 Critical Patch Update   Vendor: Oracle   Date of Disclosure: 19.04.2022  Introduction: A vulnerability exists within the implementation of ECDSA cryptographic […]

Risk Crew