LRQA Nettitude Blog

We are pleased to announce the addition of Sarah Beresford, our new Security and Network Solutions Account Manager, within the Security and Network Solutions team. This new team delivers network consultancy, enterprise network solutions and network security solutions. Throughout the forthcoming months, Sarah will be working closely with our clients to assess the effectiveness of their current environments and advise on any appropriate action to ensure their business infrastructure is as safe as possible. Below is a further insight into how Sarah will be working within this new team.

By Joel Snape, Senior Security Researcher at Nettitude

Across most branches of industry, it is common to find security companies doing pro-active vulnerability research on equipment used in that industry and publishing details of the issue found after liaising with the vendor to ensure they are fixed. For example, in the wake of several large-scale internet attacks in 2016, researchers focused their attention on IoT devices with many reports surfacing of issues with devices such as CCTV cameras, home routers and network-connected storage devices.

In the maritime space, however, much less research has been publicly shared, predominantly because of the comparative cost and lack of accessibility of standard maritime equipment, although research has been carried out for several years, and some of the results have been publicly presented. Nettitude have pulled together highlights of the most relevant research in the public domain from a few key systems and highlighted the impact these vulnerabilities have within the marine and offshore sector, full details of which can be found in this report. So, what did the researchers find? Is the equipment currently used secure?

ISO27701:2019, a new international standard concerned with the management of personal data, has been published. ISO27701 is a Privacy Information Management System (PIMS), and provides an extension to the better known ISO27001:2013 Information Security Management System (ISMS).

In this blog, we’ll take a brief look at the new standard, how it differs from ISO27001:2013, and how it can benefit your organisation.

What is a zero day attack exploit?

Imagine setting sail with your bow doors still open. Or operating with an engine that leaked 50% of its fuel intake. Or if we let the bridge continue to operate with all the windows smashed.