Lucia Turner

Lucia Turner joined the Cydea team after graduating from a cyber related course with a placement year working in an Information Security team within the financial services sector. Certified in CompTIA’s Security+ and a Lead Implementer in ISO 27001, Lucia takes a positive security approach working with businesses to reinforce cyber security and defend against cyber risk.

Get in touch:

Lucia's posts

Why is everyone talking about zero trust?

You might have heard people saying: “Never trust, always verify”. It suggests that, by default, users or devices should not be trusted, even if they have been verified previously.

The importance of supply chain security

All businesses have a supply chain, no matter what size of business you are. As businesses grow, their supply chain is likely to grow even further.

What is social engineering?

“Social engineering” is when threat actors use manipulation and deception to persuade a victim into doing either revealing something (such as credentials) or doing something (such as transferring money).

Staying true to your policies and standards

Most organisations have a set of policies and standards that govern how they respond to security incidents and threats. It’s all well and good having them in place but ensuring you use them is what’s important.

The paths into cyber security consulting

At Cydea, we’ve all taken different approaches to get into cyber security consulting. Cydea’s approach when recruiting has always focused on demonstrating your passion for positive security and your drive to help clients, it’s not about being the “finished article” or having followed what’s considered the ‘traditional’ path into cyber security.

What is ISO 27001?

It’s the gold standard ISO 27001 is a standard that describes how organisations can implement an ‘information security management system’ (ISMS) to govern and manage their information security risk.

Selecting a control framework

There’s no “right” control framework, it’s about finding what works best for you. Control frameworks are used to improve cyber security posture and manage cyber security risks.

Thoughts on the updated ISO 27002

In my previous blog post, we looked at the latest changes to ISO 27002. This included the changes to the controls with the new additions and the attributes table.

Risk Advisory: LastPass Data Breach

Cydea’s risk advisories are intended for senior management to aid their understanding of current events and the cyber risk posed to their organisations.

What you need to know about the newest changes to ISO 27002

ISO 27002 is an international standard that defines a range of information security controls that can be used to manage risk.

Certification is about rules, compliance is about trust

Various schemes and standards exist to provide assurance of baseline controls and good cyber security practices within an organisation. They may be internationally recognised such as ISO 27001, or even government backed, like the UK government scheme Cyber Essentials or IASME Governance.

How to develop cyber security consciousness

Good security depends on people being aware about security issues. A good way to minimise cyber risk is by encouraging people to be more security conscious in the first place.

Risk Advisory: Log4Shell Remote Code Execution Vulnerability

Cydea’s risk advisories are intended for senior management to aid their understanding of current events and the cyber risk posed to their organisations.