As the use of technology in the workplace continues to grow, so does the importance of cybersecurity. Large corporations are frequently targeted by hackers, but smaller enterprises may be even more appealing targets as they may not be able to devote as much attention to setting up cybersecurity protocols and are thus simpler to breach. Despite the increasing awareness of cybersecurity threats, many employees still do not take the necessary precautions to protect their data and devices.
Topics: cybersecurity training courses, Cybersecurity training
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) was released at the end of March 2022. At the time of writing, we now have less than one year until the previous version, 3.2.1, is retired and can no longer be used for new assessments.
Topics: PCI Compliance, PCI DSS 4.0, PCI DSS, payment card industry security standards, PCI DSS Compliance
Working on your company’s virtual IT security isn’t the only piece of the Information Security jigsaw puzzle. Whilst the bulk of your technical teams’ efforts should be filling in the centre of the jigsaw with things like firewalls, monitoring, endpoint protection, security testing, and more; an organisation's physical security can often get left behind. Whilst the centre of the puzzle is critical to your overall security infrastructure, if the little things like an unlocked server room or unauthorised access to the building are overlooked, then the whole security operation is jeopardised.
Below, we’ll step into the shoes of one of our expert Penetration Testers to find out his experiences with physical security failures and evaluate what went wrong, as well as what physical security measures need to be implemented to ensure a holistic cybersecurity plan is in place.
Topics: Cyber Security, Security Blog, Security Testing, Cyber Security Blog
By Joe Donohue | Senior Information Security Consultant at LRQA Nettitude
For many defense suppliers, CMMC is another compliance headache. So, being asked to adopt a new set of practices is a tall order, especially for those organizations that recently put in a tremendous effort to meet the requirements of the NIST 800-171 framework. Fortunately, rather than being a massive change in direction, CMMC is the next logical step in the United States Department of Defense's (DoD’s) drive to secure its supply chain. So, with the proper approach, your organization can gracefully meet this new challenge and benefit by becoming more secure and resilient in the process.
Topics: Cyber Security, Security Blog, Cyber Security Blog, Download Area, CMMC Campaign
As more organisations begin to understand the importance of maturing their cybersecurity strategy, the focus is shifting away from a more ‘compliance-based’ plan and is logically developing towards a reactive security posture with a more modern, proactive and continual assurance approach. Infrastructure penetration testing is a crucial part of an ongoing security assurance programme, as well as being a distinct step in the journey.
In the following blog post, we’ll cover the reasons why an organisation would need an infrastructure penetration test, as well as the key as well as the key considerations that need to be made in advance of one.
Topics: Cyber Security, Nettitude, News, Security Blog, Cyber Security Blog, Download Area
