Category: researchblog

The Growing Cybersecurity Risks of AI and Mitigations: External and Internal Threats

As artificial intelligence (AI) continues to advance and permeate various industries, it brings about significant benefits and transformative capabilities. However, along with its tremendous potential, AI could also impact organisations’ cyber risk profile by introducing new risks which have not been previously considered. In this article, we will explore the growing threats associated with AI, […]

How to classify sensitive data within your organisation (2/2)

In this second part of our two-part blog we will discuss the requirements to correctly classify your data. Following on from part one, once the identification and classification of your data has been completed, you need to focus upon data handling. Establish Data Handling Requirements: There are numerous forms of technical, operational and management controls […]

How to classify sensitive data within your organisation (1/2)

A crucial first step towards ensuring your data is secure is to identify and classify your information assets. Without considering these tasks you will neither know where your assets are nor how to keep them secure. Information: which assets are more valuable than others; which assets require additional security controls. Failure to classify […]

The New NIS2 Directive: What do I need to know?

The Network and Information Systems (NIS) Regulations, aimed at raising levels of cyber security and resilience of key systems across the EU, came into force on 10th May 2018. On 16th January 2023, the NIS2 Directive came into force. The NIS2 Directive rescinds the original NIS Directive and creates a more extensive and standardised set […]

Changes in the ISO 27001:2022 Revision

Overview: The new version of the ISO 27001:2022 standard was released in October 2022, following the release of the revised ISO 27002:2022 guidance in February 2022. Organisations have 3 years to transition from ISO 27001:2013 to ISO 27001:2022, with the deadline being October 2025. Many organisations are expected […]

Simple 2FA Moodle Plugin: From 2FA Bypass to Account Takeover #2

Author: Flaviu Popescu – Technical Consultant. Introduction: There are times as a penetration tester that you find something unique. It may not be unique in the field of cyber security but unique to the tester themselves. This was one of those times. During testing on a web application, a couple of interesting discoveries were made. […]

PCI DSS 4: Self-Assessment Questionnaire Changes

PCI DSS v4.0 introduced some changes to each of the self-assessment questionnaires (SAQs). There is no change to the list of self-assessment questionnaires, and they have broadly the same eligibility criteria. Below is a summary table showing the SAQs and the number of requirements for each of the related PCI DSS versions. Although it seems […]

How to Conduct a Risk Assessment

Risk management is at the heart of information security and should be at the forefront of an organisation’s information security program. The term risk management covers all the activities associated with identifying, quantifying, and addressing the risks associated with threats and vulnerabilities. In security, a risk is defined as the potential for negative impact on […]

Simple 2FA Moodle Plugin: From 2FA Bypass to Account Takeover

Author: Flaviu Popescu – Technical Consultant. Introduction: There are times as a penetration tester that you find something unique. It may not be unique in the field of cyber security but unique to the tester themselves. This was one of those times. During testing on a web application, a couple of interesting discoveries were made. […]

Phoenix Contact AXC F 2152 Denial of Service Vulnerability

Author: Oliver Carrigan – OT Security Consultant. Introduction: The Phoenix Contact AXC F 2152 is a Linux-based industrial controller used within harsh industrial environments to control industrial processes such as manufacturing lines and building management systems. The controller was seen to be vulnerable to a restart vulnerability (CVE-2021-34570) which would allow an unauthenticated attacker […]