AI Governance: Secure the Future by Embracing Responsible AI Practices

how to write a phishing email

AI in Simple Terms  At its core, AI is simply software that can ‘think’, ‘learn’, and ‘make’ decisions – somewhat like we humans do. AI systems aren’t programmed in the traditional way – but instead, and to an extent, program themselves.   Generative AI is a specific type of AI that can generate content that didn’t […]

Cracking the Code: Understanding the European Cyber Resilience Act and its Impact

EU Resilience Act

EU Cyber Resilience Act The Cyber Resilience Act (CRA) exists to bolster cyber security for the EU. But it has not been without controversy. Many open-source organisations have criticised the act for creating ‘a chilling effect on open-source development.’   The proposal spells out defence and resilience on several fronts. One is to protect consumers […]

How to Implement a Clear Desk & Clear Screen Policy for Your Organisation

Clear Desk and Screen Policy

You know that feeling when you walk into an office, and it looks like a hurricane just blew through? Papers litter the area, sticky notes cling to computer monitors like colourful barnacles, and chaos fills the air. The implications of these might seem obvious but they pose greater problems — Information and Cyber Security Risks. […]

ISO 27001 Clauses 4-10: A Complete Guide

ISO 27001 Clauses

ISO/IEC 27001  is an international standard for creating an information security management system (ISMS). It provides a systematic approach for organisations to manage and protect their sensitive information. This standard is broken down into Clauses and Security Controls (Annex A) which every organisation that intends to be ISO 27001 compliant is required to follow. The […]

What is Open-Source Intelligence? How to Get Started

Imagine a world intricately woven with connections, where information flows like a meandering river of possibilities. This is the world we currently live in. In the past, intelligence primarily revolved around strategic knowledge, used by decision-makers to gain advantages, often centred on foreign capabilities, global events, and local concerns, particularly in the military and security […]

How to Prepare for an ISO 27001 Audit

ISO 27001 Audit

In the world of information security, there are many frameworks and countless guidelines. But among them all, one standard rules them all. Originating from the Plateau of Gorgoroth in Northwestern Mordor, it towers high above the rest, peering deep into the very hearts of organisations like the Eye of Sauron; controlling information security for all […]

ISO 27001: Steps to Write a Statement of Applicability

ISO 27001 Statement of Applicability

ISO 27001 Statement of Applicability A central component of becoming compliant with ISO 27001 is creating a Statement of Applicability (SoA). This is a document in which a vast number of controls (defensive policies, procedures, techniques and mechanisms) are considered, and the applicability of each one is weighed up against your organisation’s risks. While a […]

How to Respond When Data Breaches Hit the Fan

incident response plan

Not many companies anticipate being the focal point of a significant data breach incident. However, cybercriminals can infiltrate around 93% of businesses within an average of two days. In the third quarter of 2022 alone, approximately 150 million data records were compromised In today’s competitive business landscape, companies increasingly rely on data systems like cloud […]

Risk Crew