Category Archives: Security Standards

Preparation makes perfect – how to pass Cyber Essentials PLUS first time

As anyone who’s ever run a race will know, it’s all about the preparation. As the saying goes, ‘if you fail to plan – you plan to fail’. The Government’s Cyber Essentials (CE) scheme is no different, especially at the Cyber Essentials PLUS (CE+) level where more work is involved.

Ascentor is an accredited certification body for CE, licensed by the IASME Consortium. In every case where clients have followed our advice at CE+ level, they’ve passed first time. So, we thought we’d share some of our preparation tips and give an insight into our process.

Ben Wheeler

Ascentor marketing and content editor.

The NIS Directive explained – compliance and guidance

The Chinese have just celebrated the start of The Year of the Dog. But for anyone with responsibility for data security in their organisation, it’s very much ‘The Year of Regulation’. You’ll have heard plenty about the General Data Protection Regulation (GDPR), but what about the European Union’s other piece of security legislation, the Network and Information Security (NIS) Directive?

May is going to be a busy month in cyber security, with the NIS Directive being transposed into national law on 9th May, quickly followed by the GDPR on 25th May – as if you needed reminding.

Ben Wheeler

Ascentor marketing and content editor.

Measuring and understanding cyber security effectiveness – where do you start?

“You can’t manage what you can’t measure.”

Peter Drucker

This classic quote from management guru Peter Drucker is equally applicable to the measurement challenge we face in information security. 

If we can’t (or don’t) measure, how can we identify if we’ve been successful with our security initiatives? For example, is a lack of security incidents an indication of success? If so, how can we demonstrate it? Likewise, without evidence of what is working (and where) – how can we justify often significant security expenditure – or indeed, make effective security decisions?

In this article we’ll take an introductory look at the use of metrics to measure cyber security effectiveness (sometimes also referred to as ‘security maturity’) with dashboards and benchmarking. We will also reference existing frameworks and models and provide links for you to explore in more depth.

Ben Wheeler

Ascentor marketing and content editor.

GDPR: What does the Regulation require when capturing consent?

The EU General Data Protection Regulation (GDPR) brings with it new requirements for the capture and use of consent to process personal data, along with new puzzles and misconceptions about the requirement for its use for data controllers.

Whilst we await publication of new guidance from the Information Commissioner’s Office on consent, we’re taking a look at the options around consent and the legality of processing data.

Ben Wheeler

Ascentor marketing and content editor.

Seven steps to designing a resilient Cyber Security Programme

The reality for most organisations is that, despite their best cyber defences, they are going to experience a cyber-attack at some point. A resilient cyber security programme is all about the ability to not only deter and resist attacks – but also to detect and recover from them, returning to normal operation with minimal downtime.

Government has urged all sectors of the UK business community to improve their resilience to cyber-attacks and has introduced several initiatives to support this – such as the Cyber Essentials Scheme (CES). Of necessity, these initiatives are supportive in nature – it is still down to individual organisations to put into place the necessary strategy and technology to improve their resilience to cyber-attack.

Peter Curran

Principal IA Consultant at Ascentor

The one-stop guide to cyber security advice (Part 1)

It’s always the big cyber security attacks that steal the headlines, but dig a little deeper and there are everyday stories of hacker-inflicted misery – many of which could have been prevented.

So, if you are increasingly concerned about the threat to your own data and are looking for advice, this guide is for you.

It’s part one of a two-part series reviewing the ‘best of’ the many respected sources of cyber security advice available, with some of our most popular articles included.

Ben Wheeler

Ascentor marketing and content editor.

How to prepare your company for achieving List X

Here at Ascentor we get many companies asking us how they can become a List X company. The answer is always the same – it is not something that you can just do; you must have a contract, usually with the MOD, that requires you to hold sensitive government assets on your own premises. However, there are a few things you can do to prepare if you think a contract may be forthcoming.

This blog aims to give you a few hints and tips about some pragmatic steps you can take to get you up and running as a List X company much quicker.

Paddy Keating

Director and Government Service Manager at Ascentor

Convince your board – cyber attack prevention is better than cure

There is a recurring message in many of the surveys about cyber security. It’s broadly this: a high number of businesses say that cyber security is an important issue – but a low number report any evidence of actually doing something about it.

The latest Cyber Security Breach Survey 2017 illustrates this perfectly. IPSOS MORI interviewed 1,523 UK businesses. In 74% of cases the directors or senior management said that cyber security is a high priority but only 20% currently provide staff with cyber security training – and only 33% have any formal policies in place.

Ben Wheeler

Ascentor marketing and content editor.

How to manage Building Information Modelling (BIM) implementation – Part 2 of 2

In our first article on Building Information Modelling (BIM), we looked at what BIM is and the types of data at risk in building projects. We discussed the threat to digital information and why cyber security needs to be an integral part of construction and refurbishment projects.

In part two we look at the process itself – how to manage BIM implementation and why managing the risks to building information doesn’t stop at the end of the build.

Steve Maddison

Director and Principal Consultant

‘Not if but when’ – 2017 UK cyber security in focus

2017 is Ascentor’s thirteenth year in information risk management. Over the years we’ve helped public and private sector organisations address the challenging landscape of cyber security and information assurance. Each year brings different threats – those we already recognise evolve, others are completely new. At the same time the legislative horizon changes as new standards and regulations come into force.

We started 2017 by quoting a tweet from John Chambers, CEO of Cisco, that is as good as any in describing the challenges of the year ahead. “There are two types of organisation: those that have been hacked & those that don’t know they’ve been hacked.” So, it’s increasingly a case of ‘not if but when’ – and a lot of household-name organisations know how painful that felt last year.

Ben Wheeler

Ascentor marketing and content editor.
