Blog

Four key steps to transform security awareness, training and education

Many workforces would attest that security awareness, training and education (SETA) is either mundane, takes too long and lacks relevancy to job roles...

How to establish a behavioural baseline

Managing a successful security programme to tackle the issue of poor security behaviour is a significant challenge, even for the most mature organisat...

Why is security awareness failing?

Many, if not all, organisations run some form of ‘security awareness’ campaign with differing degrees of impact and success; whether it be an or...

Supply chain security: answering the key questions

The events of 2020 have emphasised two key facts: Supply chains are vital to business. Supply chains are a major source of information risk. Bus...

How to quantify assets?

In risk quantification, the crux of the analysis lies in the value of the asset at risk or how much money is an organisation likely to lose in the e...

Is Artificial Intelligence (AI) the new nuclear weapon?

Data is the new oil, homeworking the new norm, and social media the new news platform. Does that mean AI will be the new nuclear weapon? An excellent...

Beware security blind spots at the edge

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments,...

Malice, money and good management

Scammers, cyber-thieves and computer criminals are not far behind pornographers when it comes to exploiting technology innovations for their own pur...

‘Shift left’ to secure containers

Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What...

Quantitative Techniques in Information Risk Analysis

Cyber is one of the biggest risks to organisations. Trillions of dollars are lost worldwide every year and all organisations are exposed. The best pre...

How attackers build target profiles

Vishing attacks are a very cost-effective mechanism for manipulating individuals, using the voice to humanise the delivery and make the attacker see...

Threat Horizon 2022: Neglected infrastructure cripples operations

In a world where constant connectivity and real-time data processing is vital to doing business, even brief periods of downtime will have severe con...

Invasive Technology Disrupts the Everyday: Robo-helpers help themselves to data

As robotic technologies advance, we will begin to see a growing number of innocently branded, friendly-faced robo-helpers in a growing number of env...

Invasive Technology Disrupts the Everyday: Behavioural analytics trigger a consumer backlash

As a deluge of sensors, cameras and other embedded devices fill homes, offices, factories and public spaces there will be growing concern from citiz...

Top Tips to Prepare for Cyber Threats in the COVID-19 Era

The ISF Threat Radar is a visual aid created to accompany the Threat Horizon reports that can be leveraged by organisations to assess the impact of ...

Standard of Good Practice for Information Security 2020 - Now available to Members

Already an ISF Member? Download the SOGP 2020 here > The ISF is pleased to announce the release of the Standard of Good Practice for Information Secu...

Invasive Technologies Disrupt the Every Day: Augmented attacks distort reality

Threat 1.1 Augmented attacks distort reality New and emerging technologies have begun invading every element of daily life as it increasingly beco...

COVID-19: Top 10 Cyber Security Tips for Homeworking

The COVID-19 outbreak has turned many regular office goers and commuters into home workers. They have been thrust into an environment that is both fa...

Threat Horizon - The World in 2022

The digital and physical worlds are on an irreversible collision course. By 2022, organisations will be plunged into crisis as ruthless attackers ex...

Securing the Cloud Management Console

The cloud management console is one of the most overlooked and underestimated features of a successful cloud deployment. In the research on Using C...

What Assurance Should Boards be Obtaining from their CIO and CISO?

If you are sitting at the table during a board meeting of a global enterprise, there is a good chance you are discussing the organisation’s busine...

The joke's on you: Information security jokes we can all appreciate

Everyone appreciates a cracker joke every now and then. Since it’s Christmas, we thought we would do something fun and share some of the favourite...

Apply the ISF Approach for using cloud services securely

The latest ISF research Using Cloud Services Securely: Harnessing core controls has been completed and it has benefited from an extensive level of...

Cyber resilience: One side of the cyber risk management coin

Cyber resilience is considered by many security professionals as a key component of a cyber risk management strategy. And they’re right. Often inv...

The Backup Is Dead, Long Live Restoration

Organisations invest large sums of money into backing up their data and then storing it - sometimes indefinitely - but often find that backups fail ...

Your Vulnerability is Someone Else’s Pay Cheque

Bug bounties and crowdsourced penetration testing, why might you need them? Many organisations have implemented a Penetration Testing programme of so...

Lessons from the CRO’s office

Recent work with Chief Risk Officers (CROs) from financial institutions highlighted that the management of financial risk and cyber risk remains wor...

Gen Z - A New Threat to Information Security?

Every 15-25 years a new ‘generation’ enters the workplace, each with different social values, characteristics and personality types. Each generati...

The Role of the CISO during the Board Meeting

                To what extent are boards’ priorities part of the CISO agenda? Effective CISOs play a vital role in the running o...

Computer Weekly - Towards a united state of security

Of his new national security appointments, president elect Biden said they would demonstrate the US’ commitment to: ‘work with our allies and frie...