Discover the critical changes, what is involved in updating to ISO 27001:2022 and act NOW to adopt the latest standards. Position your organisation as a proactive leader, boosting stakeholder confidence and increasing trust in your operations. By Richard Nealon What Has Changed with ISO 27001:2202? The 27001 Standard was so well written (along with its accompanying set of 27002 controls) in its last two iterations (2005 & 2013), that it almost remained the same up until 2022.  In February 2022 a new version of 27002 was launched and in October 2022 a new version

On August 17th 2023 the organization formerly known as (ISC)² announced a rebranding to reflect its growing global membership and expanded role in strengthening the influence, diversity and vitality of cybersecurity professionals around the world. The rebrand includes the name change from (ISC)² to ISC2 to improve global accessibility and ease translation across all languages. Originally founded to develop a program and common body of knowledge for the certification of cybersecurity professionals, ISC2 has expanded its range of offerings to meet the needs of its diverse and global community. Since 2020,

This Introduction to GDPR training on the European Union General Data Protection Regulation (GDPR) provides a comprehensive overview of the GDPR's key concepts and requirements, its implications across industries, and practical steps to achieve compliance.   Watch the Introduction to GDPR video to learn: What GDPR is and how it strengthens the privacy rights of data subjects Who are considered data subjects under GDPR Why is GDPR important and what are the benefits to data subjects and organizations What are the obligations and requirements for Data controllers and Data processors when handling

According to IBM's latest report, the average cost of a data breach in 2023 has surged to $4.45 million. This represents a 2.3% increase compared to the previous year and a 15.3% rise from the figures recorded in 2020.     The report highlights the key factors influencing data breach costs. These include: involving law enforcement when handling ransomware incidents the industry in which the breach occurs, with healthcare and financial sectors facing the most significant costs, and the scope of the breach, especially if it affects multiple environments. One of the other insights

  In our digitally connected era, information security is paramount for organisations. Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO 27001:2022 is an international standard that details the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). In this series of articles we’ll explore its benefits, limitations, and the latest updates. By Richard Nealon About ISO 27001 I’ve always been a fan of 27001, even before it was born. Back in the early 1990s there were only two publicly available computer security

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. The PCI Security Standards Council (PCI SSC) released the latest version 4.0 of the PCI Data Security Standard (PCI DSS) on 31st of March 2022. This article aims to provide an overview of the changes introduced in PCI DSS 4.0 and offer recommendations for organisations to remain compliant. Why is the Transition Important? Revisions introduced by PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. PCI DSS v4.0 Requirement 6.2.2 focuses on software security training for development personnel working on bespoke and custom applications.   Overview The PCI DSS v4.0 Requirement 6.2.2 mandates that software development personnel must receive training at least once every 12 months. The training should cover the following crucial areas: Software Security Relevant to Their Job Function and Development Languages: Developers

  The recently published NW Cyber Skills Audit Report offers actionable insights to make this region attractive for cybersecurity investment. The research highlights the key skills gaps and challenges that need to be addressed to take full advantage of these opportunities. This includes growth in cybersecurity related jobs increasing from 250 this year to 830 by 2030.     The NW Cyber Skills Audit Report includes recommendations to help improve and expand cybersecurity under three headings: Promote the NW region’s Cyber Sector Create a Cybersecurity Culture Build a Talent Pipeline for Cyber The insights from this

No enterprise is immune to cyber threats. Organizations need strong cybersecurity leaders to be prepared and resilient so they can minimize the impact of an incident and allow business continuity as effectively as possible. Cybersecurity leaders require a broad set of skills that job experience alone does not teach. Training is essential to learn the expertise needed to build a solid foundation and make an impact and teach both the technical and soft skills required to be a veritable leader. Download the whitepaper to learn how the CISSP can accelerate your career. Prepare

Fabio Cerullo will deliver a highly interactive session on Web Application Security Essentials at OWASP 2023 Global AppSec in Washington DC Web application vulnerabilities can be exploited to access critical and confidential data - Learn how to identify and address potential weaknesses before the application is live. This training aligns with the recent changes to the OWASP Top 10 2021 – the world-renowned reference document that details the most critical security risks to web applications. This ensures that the course is focused on the most up to date knowledge for attendees. The