In an information or cyber security context, a Red Team is a group of ethical hackers that design and execute a series of coordinated technical and social engineering attacks on an organisation’s people, processes, and technology to simulate how an intruder could obtain unauthorised access to its systems or information assets. In simple terms, a […]
Guest Contributor: Benjamin Turner, Chief Operating Officer, Agrimetrics Shortly after Russia’s invasion of Ukraine, I advocated in a BBC news article and North American technology podcast The Feed that we should regard parts of the UK’s agriculture and agrifood system as critical national infrastructure. What does it mean to be critical national infrastructure, and why […]
“There has been a 742% average annual increase in software supply chain attacks over the past 3 years”[i] The above statistic might seem implausible, but supply chain cyber attacks have become a pressing issue for businesses as the reliance on technology and interconnected systems have grown. These attacks can compromise sensitive information, disrupt operations, and […]
Cyber threats are increasing exponentially year after year. To help organisations protect against these threats, the European Union (EU) has established the TIBER EU framework. It was developed because of concerns about how its member states were managing (or mismanaging) their national cyber security risks and from the clear need for a common framework to […]
A common question that comes up when implementing ISO 27001 is: Should I include security penetration testing in my Information Security Management System (ISMS) programme to comply with the ISO 27001 standard and meet auditor expectations? The answer is both yes and no — depending on how you look at it. The standard does not […]
The cyber security industry has failed. Are you still reading this? If so, you’ve probably seen the evidence. It’s clearly visible all around us and is overwhelming. If you agree that the cyber security industry was founded on the fundamental objective of preventing information technology (IT) systems from breaches and data theft, then you must […]
Ransomware is a type of malware that encrypts files and then seeks payment in exchange for the encryption key. A ransomware readiness assessment is an audit that businesses can undergo to determine their risk level for ransomware. The assessment will help you identify which areas of your organisation are at the highest risk for attack […]
When looking to embark on achieving ISO 27001 Compliance, every organisation should know what challenges are ahead, in order to overcome them. It doesn’t have to be that hard if you know the hurdles. Risk Crew would like to share some tips to jump the hurdles when it comes to building your Information Security Management […]
The revised version of ISO 27001 finally landed on 25 October 2022. It’s been almost 10 years since the last major update, and while the revisions may seem minor, they are in fact significant and serve to both solidify and clarify the standard. In this post, we’ll cover what changed, why the new version was […]
Documenting your information security management system (ISMS) for evidence of compliance with the ISO 27001:2022 standard can be confusing as it is not clear which documents are mandated and which are discretionary. Consequently, most of us overcompensate and produce far more paperwork than we need causing redundant and conflicting policies to confuse our stakeholders, staff […]