Blog

We regularly post our thinking here because ideas are best shared. It might be our approach to solving a problem (we’re not fans of reinventing the wheel!), perhaps simply something else entirely that has piqued our interest! We cover methods for cyber risk assessment, approaches for cyber risk quantification, tools and templates for cyber risk management, tips for running successful security programmes, and much more!

You can join us at @cydeaHQ on Twitter, or our LinkedIn page to discuss any of our posts. If you’d like to know each time we add a new post, you can subscribe for notifications and a few other choice bits of content.

Managing portfolio cyber security

A few weeks ago, we brought together people from private capital to discuss cyber security in portfolios and how value creation steers it.

How we view assets

The first thing we usually ask new clients is: What are you defending? Exploring that simple question allows us to understand how clients consider, and value, their assets.

Startup cyber security requirements

As a startup, it can be overwhelming to know where to start when it comes to cyber security, and the approaches adopted by larger organisations are often not suitable to be applied on a smaller scale as they are both costly and resource intensive.

Why you should have Incident Response playbooks

Cydea’s Incident Response plan template

Incident, n: “An event that is either unpleasant or unusual.” – Cambridge English Dictionary

How confident do you feel that, if your company was hit by a cyber incident, you and your team know what to do, and in what order?

Risks without impacts: attack path analysis

A little while ago, I was presented with a familiar problem statement from a Cydea client who was a cyber security manager at a large organisation: “There’s a new cyber vulnerability in the Operating System we use on the handheld devices used by our engineers out in the field; how do I communicate the resultant change in risk profile to the organisation?

What is ISO 27001?

It’s the gold standard

ISO 27001 is a standard that describes how organisations can implement an ‘information security management system’ (ISMS) to govern and manage their information security risk.

Risk Advisory: Microsoft Outlook Elevation of Privilege Vulnerability

Cydea’s risk advisories are intended for senior management to aid their understanding of current events and the cyber risk posed to their organisations.

Joining Cydea - reflections one month in…

New joiner apprehension…

Joining any new team brings a group of thoughts and, in turn, feelings that are often contradictory. There’s a glimpse of excitement challenged with a hint of anxiety, a splatter of apprehension with a smudge of confidence.

The link between risk scenarios and detection use cases

Earlier last year, I delivered a webinar on the importance of mapping risks and understanding threat coverage for a successful security monitoring strategy.

How we work together

More and more businesses are adopting a hybrid working model, driving the need for collaborative tools to facilitate remote team working.

Selecting a control framework

There’s no “right” control framework; it’s about finding what works best for you. Control frameworks are used to improve cyber security posture and manage cyber security risks.

Why cyber risks should belong to business decision makers and not the IT department

Risk management is an essential part of business. It heavily relies on two things: a way of qualifying/quantifying risks pertaining to a certain area of the business, and a decision being made on the method of treatment for each risk.

Thoughts on the updated ISO 27002

In my previous blog post, we looked at the latest changes to ISO 27002. This included the changes to the controls with the new additions and the attributes table.

Risk Advisory: LastPass Data Breach

Cydea’s risk advisories are intended for senior management to aid their understanding of current events and the cyber risk posed to their organisations.

What you need to know about the newest changes to ISO 27002

ISO 27002 is an international standard that defines a range of information security controls that can be used to manage risk.
