Are you FedRAMP Ready?

Blog posts   •   May 14, 2020 20:12 BST

For Cloud Service Providers (CSPs) with dreams of seeing their Cloud Service Offering (CSO) in use by all federal agencies, FedRAMP Ready will be essential. We've put some thoughts together on what organisations need to consider when taking on a FedRAMP Readiness assessment.

The Impact of COVID-19 for PCI-DSS Assessments

Blog posts   •   May 08, 2020 06:51 BST

In light of the COVID-19 pandemic and current travel restrictions, the PCI Security Standards Council has relaxed its on-site restrictions to something a bit more pragmatic.

Now is the time to CyberUp – making the Computer Misuse Act fit for the 21st century

Blog posts   •   May 01, 2020 16:49 BST

As the CyberUp Campaign launches to continue the quest for reform of the UK’s Computer Misuse Act 1990, NCC Group’s Head of Public Affairs, Kat Sommer, reflects on the journey towards legislative reform and why, despite any obstacles, the progress to date is creating a sense of momentum to build on and carry forward.

The location’s changed but the rules haven’t: Maintaining cardholder data security standards while remote

Blog posts   •   Apr 21, 2020 06:40 BST

Where organisations provide contact centre services, the move to remote working has posed particular challenges to both ensuring that the right tools are available and managing the risks associated with agents who will be handling cardholder data. We’ve outlined some of the key considerations to help you navigate this change.

5 steps to getting FedRAMP right (the first time)

Blog posts   •   Apr 06, 2020 22:36 BST

A FedRAMP Authority to Operate (ATO) is a must-have for any company offering cloud services to Federal Agencies in North America. To get there, you need a solid plan that includes top-down support for funding and process changes, a good understanding of your company’s internal processes, and of course, the right partner.

Can you have too much security? How to be in the "Goldilocks" zone

Blog posts   •   Apr 03, 2020 11:25 BST

How too much security can actually lead to too little, and how, by finding your Goldilocks Zone, you can get it "just right".

Being Part of a Neurodiverse Community

Blog posts   •   Apr 02, 2020 17:54 BST

"Within NCC Group and the broader cyber security sector, neurodiversity is common to see. I am one of several people at NCC Group who have a form of autism and there are many more that make up our own neurodiverse community." An article written by an NCC Group colleague about life and work as part of a neurodiverse community.

Why your PCI assessment might be different this year

Blog posts   •   Apr 02, 2020 14:47 BST

Your Qualified Security Assessor (QSA) may come across new findings while conducting an annual Payment Card Industry (PCI) assessment. Shifting industry trends, requirements changes, and "the human factor" are just a few of the reasons why this might happen.

Living and working with Asperger’s Syndrome

Blog posts   •   Apr 01, 2020 13:40 BST

"When I was diagnosed at 15 years and nine months with Asperger’s Syndrome it was hard to conceive the ways in which my ‘Individual Needs Assessment’ would go on to play a role during my Higher Education and how it still continues to shape how I live and work today." An article written by an NCC Group colleague about living and working with Asperger's Syndrome.

Are you ready for the Cybersecurity Maturity Model Certification (CMMC)?

Blog posts   •   Mar 27, 2020 14:28 GMT

Are you ready for the Cybersecurity Maturity Model Certification (CMMC)? In a recent webinar, our very own Jeff Roth provided details around the CMMC, its maturity models, and how it’s likely to evolve in the coming months.

Are You Evaluating Your Target Acquisition Through the Cyber Security Lens?

Blog posts   •   Mar 12, 2020 18:05 GMT

In conducting due diligence during a Merger & Acquisition (M&A) transaction, cyber security considerations often take a backseat to evaluating revenue multipliers, cost synergies, and operating efficiencies.

The Zero Trust Model: Security Inside and Out (Part 2)

Blog posts   •   Feb 26, 2020 11:53 GMT

Part 2 of “The Zero Trust Model: Security Inside and Out” provides guidance around how to gain stakeholder support to adopt the Zero Trust security model.

The Zero Trust Model: Security Inside and Out (Part 1)

Blog posts   •   Feb 17, 2020 17:21 GMT

Could trusting no one be the key to data security? In this two-part series, we’ll examine how a Zero Trust model removes implicit trust in the traditional “trust but verify” model, as well as give insight into:

• Advantages of the Zero Trust model
• Guidance around implementing Zero Trust within your organization
• Potential roadblocks and how to secure stakeholder support

Three things we (still) care about in 2020

Blog posts   •   Jan 20, 2020 10:13 GMT

January is a time for reflection, which most companies try to tap into by spamming you with predictions for the upcoming year, New Year’s resolutions and new solutions to old problems. My marketing department have convinced me to jump on the bandwagon, however ...

Which security framework is right for you?

Blog posts   •   Jan 15, 2020 23:59 GMT

One of the problems that cyber security stakeholders face is the overabundance of tools and processes. Just Google “firewall providers” and you are deluged with information; replace firewall with any other tool (anti-virus, phishing simulation, intrusion detection system, and the like) and the results are similar.

Lessons from blockbusters: What Hollywood can teach us about cyber security

Blog posts   •   Dec 18, 2019 21:57 GMT

Few things capture the imagination like movies. From epic dramas to tearful romances, from everyday travails to futuristic science fiction, from chilling horror to feel-good comedy, Hollywood is our great escape into the land of make believe. Here are some of my favorite movies, the lessons they taught us as moviegoers, and the lessons that translated for me as a cyber security consultant.

Trust, but verify (your third-party vendors)

Blog posts   •   Dec 11, 2019 16:48 GMT

For a company focused on core operations and meeting the needs of its stakeholders, it makes financial sense to hand over non-core functions to third-party vendors. Unfortunately, this introduces a whole new element of risk in the company’s ecosystem – third party risk, of which cybersecurity is a critical component.

A technical review of connected toy security

Blog posts   •   Dec 10, 2019 05:19 GMT

Matt Lewis explains more on the assessment undertaken for the consumer choice organisation Which? to assess the security of seven popular electronic and connected toys in the run up to Christmas 2019.

Virtual Payment Cards, in scope or out-of-scope for PCI DSS?

Blog posts   •   Dec 08, 2019 19:02 GMT

With increased demand for virtual card capabilities from Australian businesses, merchants and service providers, we keep being asked by our customers whether virtual payment cards are subject to Payment Card Industry Data Security Standard (PCI DSS). If they are, what would be the impact and their obligation against the payment standard? Mohammad Daneshvar explores...

The best way to improve your cyber security? Outline where you are now and roadmap to your target state.

Blog posts   •   Dec 04, 2019 18:16 GMT

As anyone working in cyber security knows, 100% threat prevention/mitigation is a myth. One question we hear time and time again is, “how much security is enough?” Sourya Biswas explains why there are so many different ways to answer this...