Category Archives: Security controls

Cyber Insurance – can you ever be fully covered?

Cyber insurance image

 

 

 

 

 

 

 

 

Whether it be from hackers, careless employees, malicious insiders or ransomware (pick your own threat list) – organisations are under increasing risk of cyber attack. And, wherever there is a risk – there’s the option of insurance.

Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), has been around for over a decade. Now, as cyber threats grow, cyber insurance looks set to join other business insurance policies in the risk management toolkit. But, can it really adequately compensate against the consequences of an attack? Continue reading “Cyber Insurance – can you ever be fully covered?” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

5 ways to spring clean your cyber security

Cyber spring clean

 

 

 

 

 

 

 

 

 

Spring is here, the evenings are getting lighter. It’s a time when we clean and refresh for the year ahead. It’s also a time for renewal and optimism – but if there’s one area that we don’t want to experience the joys of spring it’s cyber crime.

Cyber criminals can threaten our personal security, steal intellectual property, create and distribute viruses and disrupt our critical national infrastructure. They can also target and manipulate employees (the Insider Threat) – sometimes with their co-operation, sometimes without their knowledge and attacks can remain undetected sometimes for months. Continue reading “5 ways to spring clean your cyber security” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

An ounce of prevention could be worth a ton of cyber attack cure

Cyber attack prevention or cure

 

 

 

 

 

 

 

The cyber attack on TalkTalk last year is estimated to have cost the company around £60m. Despite initial claims that the attack was ‘sophisticated’, it transpires that it was conducted by children from their homes. Not so much sophisticated as sofa-sticated!

Blaming an attack on very capable and well-resourced attackers tries to convince customers that nothing much could have been done to prevent it from happening – it’s just one of things that you have to accept if you’re going to do business in the cyber world. We disagree – there is much that can be done with a little awareness and application. Continue reading “An ounce of prevention could be worth a ton of cyber attack cure” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share

“In cyber security there is no front line” – An update to the Cyber Security Model

Trench image

 

 

 

 

 

 

 

For suppliers to the MOD, change is coming. The planned roll out of CSM in August of 2016 has been delayed. We are now expecting the Cyber Security Model (CSM) to be rolled out to large suppliers from January 2017 – with a full launch by April. FATS (a commercial MOD framework) will also go live in April and it is expected to include the contractual aspects of CSM.

To be compliant with the requirements of the CSM, the MOD supply chain will need Cyber Essentials or Cyber Essentials Plus and have information security governance policies in place. 

Ascentor strongly recommend that defence industry companies prepare for CSM by gaining certification to Cyber Essentials in advance – so they are ready to respond to the new contract requirements. In our experience, the larger the business, the more complex and time consuming the process. Don’t delay and put future contracts at risk.

For assistance on any aspect of CSM or Cyber Essentials, please contact Dave James at Ascentor info@ascentor.co.uk

The following article will tell you more about the CSM…


In August 2015 Ascentor first highlighted the proposals from the MOD to manage the risk to its information from supply chain companies by introducing the Cyber Security Model (CSM). The CSM is a methodology to assess the cyber risk for individual contracts which then mandates that suppliers meet a consistent standard of cyber security.

To update our coverage of CSM, we look at recent developments ahead of the planned roll out, now expected at the end of July 2016. Continue reading ““In cyber security there is no front line” – An update to the Cyber Security Model” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

Cutting through the confusion: Government Information Assurance changes explained (part 3 of 3)

Lost and confused signpost

 

 

 

 

 

 

 

Part 3 of 3. This is the third in a series of blog articles where Ascentor discusses some of the recent UK Government Information Assurance changes – and what they mean for you.

Written to be concise, they explain the essential ‘need to know’ facts and implications with links to read further should you wish.

This time our lens has a European focus as we cover two EU regulations that could have a significant impact on the protection of UK data.

In part 3 of the series, we look at:

  • Safe Harbor and Privacy Shield
  • The EU General Data Protection Regulation (GDPR)
  • The Certified Cyber Security Consultancy (CCSC) scheme

Continue reading “Cutting through the confusion: Government Information Assurance changes explained (part 3 of 3)” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

CLAS Consultancy is dead – long live the CCSC scheme?

Certified Cyber Security Consultancy

 

 

 

 

 

 

There is a new name in the information assurance (IA) consultancy world. It’s the Certified Cyber Security Consultancy (CCSC) scheme – launched in June 2015, and sponsored by CESG, with the first cohort of consultancies recently being announced.
Continue reading “CLAS Consultancy is dead – long live the CCSC scheme?” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

10 Top Tips for Writing Information Risk Appetite Statements

Cyber risk imageYou’ve probably heard risk managers and accreditors bang on about having risk appetite statements but have you ever actually seen one? If you have, the chances are it was fairly bland and practically worthless. So, if you’re ever required to produce one, where on earth do you begin? Continue reading “10 Top Tips for Writing Information Risk Appetite Statements” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share

VPNs – a secure way to call home?

iStock_000035084458_MediumMost business users are familiar with the VPN, the must-have reach-back mechanism that allows us to work from home, a train, a coffee shop.  The VPN allows us to securely connect to our company’s network and access email, documents, applications – even VOIP and video conferencing. But how secure are the low-cost, consumer focused providers and the transition tools on every network?
Continue reading “VPNs – a secure way to call home?” »

avatar

Peter Curran

Principal IA Consultant at Ascentor

More Posts

Follow Me:
Twitter

Share

What is ‘IL3’ and why are so many searching for it?

G-Cloud accredited Il3Each month, the term ‘IL3’ is one of the highest search queries that brings visitors to the Ascentor website – and it’s been this way for some time. In fact, a search for ‘IL3’ on Google lists Ascentor in the 1st, 2nd and 3rd rankings. However, with the recent demise of the IS1/2 standard, there was an expectation that the search term would no longer be relevant – but our visitor numbers disagree. So, what is ‘IL3’, why are people still searching for it and could there be more appropriate search options?

This article looks at the history of Impact Levels (ILs), examines how they were misused and suggests alternative search terms and phrases you may also find helpful. Continue reading “What is ‘IL3’ and why are so many searching for it?” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share

How NOT to Protect Your Information From Cyber Criminals (Infographic)

infographic_finalaw_2

Continue reading “How NOT to Protect Your Information From Cyber Criminals (Infographic)” »

avatar

Dave James

Information Risk Management expert and Managing Director of Ascentor

More Posts

Follow Me:
Twitter

Share

Latest Insights

Recent Comments

    • Barry Harvey: It is perhaps surprising to hear that a generation we think of as being tech savvy is anything but....
    • David Conway: I can imagine that, even at this stage, many businesses will still be blissfully unaware of this...
    • Sonja Jefferson: Are you going to be offering that training for ‘normal, non-techie people that now have...
    • Dave James: @Colin Robbins: Yes, Its really illumintaing isnt’t it. Provides a bit of context to the recent...
    • Colin Robbins: Very interesting report. I find it staggering that 26% of companies had not briefed their boards on...
  •  
    Buy Cialis in UK