It’s not surprising that adoption of Cyber Essentials certification is growing steadily year on year. It’s a valuable certification to have, not least of all for the many commercial opportunities it presents. But as a Cyber Essentials Assessor, one thing I see repeatedly is that poor network boundary implementation making reaching certification harder than it has to be – especially for smaller organisations. That’s what I’m going to be looking at in this blog.
Implementing ISO 27001, the international standard for information security management, is a complex process that requires expertise, experience and careful planning. This blog explores why using a consultant for ISO 27001 implementation is crucial to not just ensure certification, but also (and perhaps more importantly), to build an information security management system that is tailored to your business and its objectives. To make sure your certification is actually working for you.
US data transfers... are they allowed? Well. Yes. It depends....it’s complicated. Let’s get stuck in and I’ll explain all. In July this year, the EU Commission made an adequacy decision for the new EU-US Data Privacy Framework (DPF). This can be seen as Safe Harbor 3.0. Essentially, in most scenarios, data transfers from the EU to the US are now permitted without the need for other mechanisms such as Standard Contractual Clauses (SCCs).
This is a Bulletproof Tech Talk article: original research from our penetration testing team covering issues, news, and tech that interests them. It’s more technical and in-depth that our usual blog content, but no less interesting. Some readers may remember an article published by Bloomberg entitled "The Big Hack: How China used a Tiny Chip to Infiltrate U.S. Companies".
