Risk Assessments
California Gets Serious About Regulation (Again)
Mark Rasch | AI Governance, Automated Decision-Making Technology (ADMT), California Privacy Protection Agency (CPPA), CCPA 2026, CPRA Regulations, Cybersecurity Audit Mandate, data privacy compliance, High-Risk Data Processing, Operationalized Privacy, Privacy Risk Justification, Risk Assessments, System Governance
California’s privacy regime has evolved. As of January 1, 2026, the CCPA/CPRA now mandates risk assessments, automated decision-making (AI) oversight, and independent cybersecurity audits ...
Security Boulevard
The Biggest Technology Risk to Organizations is Failing to Plan for Cybersecurity Chaos
Kyle Wickert | CISA budget cuts, cloud and on-premise security, cybersecurity chaos, cybersecurity resilience, Cybersecurity Strategy, digital security strategy, executive buy-in, GDPR HIPAA cybersecurity, hybrid networks security, leadership in cybersecurity, Regulatory Compliance, Risk Assessments, Security Automation, security-first culture, vulnerability mapping
Budget cuts at CISA highlight the urgent need for businesses to strengthen internal cybersecurity strategies. From mapping hybrid networks to embedding a security-first culture, organizations must proactively close the gap between chaos ...
Security Boulevard
How to Develop an Asset Inventory for ISO 27001
One of the key compliance requirements of ISO 27001 is to create an asset inventory. This is a list of information assets that an organisation owns, including fixed assets such as property ...
Assigning impact and likelihood values in an asset-based information security risk assessment
Organisations that are looking to improve their information security posture are probably familiar with ISO 27001. It’s the international standard that describes best practice for an ISMS (information security management system), and ...
Are Cyber Insurers Cybersecurity’s New Enforcers?
Recent ransomware attacks have dominated the headlines this year. Predictions estimate that the financial impact caused by ransomware could reach $265 billion globally by 2031. That means cyberattacks targeting enterprises and individuals ...
Security Boulevard
How to achieve repeatable risk assessments
Information security risk assessments help organisations understand the threats they face and the treatment options they should consider. The assessment should be performed regularly – either once a year or whenever there ...
ISO 27001: Top risk treatment options and controls explained
For all the attention that organisations pay to their ISO 27001 risk assessment, it’s worth remembering that there’s an additional step afterwards – risk treatment. This is where you take the risks ...
Having too many security solutions is as bad as having too few
When you’re considering your organisation’s cyber security measures, there are two things you must consider: do these controls work now, and will these controls work in the future? The first issue is ...
3 myths about ISO 27001 certification
Chloe Biscoe | 27001, assessment, information, isms, ISO, ISO 27001, ISO 27001 Compliance, Latest news, management, risk, Risk Assessments, security, standard, system, vsRisk
ISO 27001 is the international standard for an ISMS (information security management system), a best-practice approach to security that helps organisations achieve all of their data privacy compliance objectives. If you are ...
Top 10 risks to include in an information security risk assessment
Luke Irwin | assessment, demo, ISO 27001, Latest news, risk, Risk Assessments, risk assessor, Threat, vsRisk
An ISO 27001 risk assessment should have five key steps. In this blog, we look at the second step in the process: identifying the risks that organisations face. How to identify threats You ...

