When looking to embark on achieving ISO 27001 Compliance, every organisation should know what challenges are ahead, in order to overcome them. It doesn’t have to be that hard if you know the hurdles. Risk Crew would like to share some tips to jump the hurdles when it comes to building your Information Security Management […]
The revised version of ISO 27001 finally landed on 25 October 2022. It’s been almost 10 years since the last major update, and while the revisions may seem minor, they are in fact significant and serve to both solidify and clarify the standard. In this post, we’ll cover what changed, why the new version was […]
Documenting your information security management system (ISMS) for evidence of compliance with the ISO 27001:2022 standard can be confusing as it is not clear which documents are mandated and which are discretionary. Consequently, most of us overcompensate and produce far more paperwork than we need causing redundant and conflicting policies to confuse our stakeholders, staff […]
If you’re considering a penetration test to identify and fix vulnerabilities within your business, you might not know which type of pen test is best for you. In this article, we explore the types of penetration testing available, and what they are best for. What are the Different Types of Penetration Testing? Risk Crew offers […]
With the ever-increasing threat of data breaches for many organisations, testing your security systems is the only way to find vulnerabilities. When discussing cyber security tests, the terms “Red Team” and “Blue Team” are often mentioned. In this article, we will cover what the two teams are, their roles and how they work together to […]
Information security risk assessments are crucial for any businesses that deal with any sensitive information that could potentially cause harm if accessed, shared, modified, or deleted. In this article, we cover how your business can benefit from a security risk assessment, how they are conducted, and how you can use the assessment findings to improve […]
Simply put — social engineering works. Ask any Threat Actor in the business. Social engineering was behind more than 95% of the attacks reported last year by Purplesec. Consequently, educating your staff on what it is and how to spot it is nothing less than critical. Here are the top 10 most common types of […]
Yes. We know. A lot has been written on how to spot phishing attacks over the last few years. And yet, not a week goes by wherein we hear of several companies that suffer cyber-attacks because a staff member falls victim to a classic phishing email that should have been easily spotted. Why is that? […]
Year after year, statistics show phishing attacks continue to rise. Why? Because they work, and this simple attack brings results. Consequently, this attack has evolved and become more sophisticated and harder to identify. Gone are the days of the error-filled 419 emails from a Nigerian Prince requesting your account details to hide money offshore. Instead, […]
By now we all know the effect a Ransomware attack can have on an organisation. If you are not aware of the history of attacks and which ones are on the current threat landscape, you should be. Educating yourself is the first step to understanding how threat actors operate and what tools, tactics and procedures […]