Black Arrow Cyber Consulting
0

Blog

Our weekly Cyber Flash Briefing round up of top open source news and ‘Cyber Tip Tuesday’ videos

Posts tagged jfsc
Black Arrow Cyber Threat Briefing 15 March 2024

Black Arrow Cyber Threat Intelligence Briefing 15 March 2024:

-Mind The Gap - Mimecast Report Finds Humans Are Biggest Security Flaw

-Three-Quarters of Cyber Victim Are SMBs - Why SMBs are Becoming More Vulnerable

-Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc

-UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’

-Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024

-Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture

-Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

-Independent Cyber Security Audits Are Powerful Tools for Boards

-Navigating Cyber Security in The Era of Mergers

-Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm

Read More
Black Arrow Adminivanti, github, mimecast, sophos, joint committee on the national security strategy, jcnss, identity theft resource center, allianz, lockbit, sec, securities and exchange commission, blackberry, midnight blizzard, kremlin, ibm, notpetya, merck, fcc, ipsos, bianlian, stopcrypt, british library, stanford university, black basta, unitedhealth, equilend, nissan, dropbox, chatgpt, magnet goblin, windows smartscreen, darkgate, remcos, redline, pixpirate, sceiner smart lock, jfsc, 23andme, play, lastpass, tiktok, dora, pci dss 4.0, volt typhoon, alabama, pypi, microsoft sccm, hyper-v, fortinet, fortios, fortiproxy, forticlient, sap, adobe, confluence, qnap, marinemax, cisco, wordpress, amd, intel, japan, wef, world economic forum, sans, cyber solidarity act, cyber resilience act, meta, nsa, switzerland, lithuania, us army, okta, france, french, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, mi5, gchq, cert, nca, national crime agency, europol, interpol, enisa, nato, cyber, information security, it security, cyber warfare, russia, north korea, china, iran
The Board, not IT, is responsible for Cyber and Information Security

Welcome to this week's Black Arrow Cyber Tip Tuesday.

In our articles in Business Brief magazine and the Guernsey Press, we have consistently highlighted that the Board, not IT, is responsible for Cyber and Information Security.

The financial services regulators in the Channel Islands have also made that very clear.

The GFSC has warned that “Cyber and information security should be taken seriously by the Board and included along with more established risks within a firm’s overall strategy for risk management”.

And the JFSC has told businesses that “As a registered person, the Codes of Practice require you to understand and manage risks, including cyber-security risks, which could affect your business or customers”.

Read More
Black Arrow Admincyber, cyber security, infosec, information security, video, tip tuesday, regulators, regulations, regulated financial service firms, gfsc, jfsc, guernsey, jersey, neds, directors
Regulatory Expectations around Cyber and Information Security - Cyber Tip Tuesday video for 11 August 2020

Welcome to this week's Black Arrow Cyber Tip Tuesday. We have talked before about how the regulators like the Guernsey GFSC and the Jersey JFSC expect Boards to take Cyber and information security seriously by the Board just as they do with more established risks, and that Directors are required to understand and manage those risks. So, how can a Board evidence this. The clearest way is to schedule a regular review of a cyber security report at Board meetings. That report should contain a few sections with brief and focused content that is explained in terminology that all business leaders can understand. One of those sections is a dashboard with key indicators about the risks that the business faces, and the controls that are in place to mitigate those risks to match the organisation’s risk appetite. We recommend that organisations structure their risks and controls based on one of the globally recognised frameworks, for example NIST or ISO 27001. In fact, the forthcoming regulations from the GFSC are based on the NIST framework. So, the dashboard would also be structured to match that same framework, to ensure everything this covered. The Board members should be sufficiently knowledgeable about these topics to be able to question whether things are as good as the dashboard says they are, and whether the rating should be Amber instead of Green. Or, whether the RAG threshold is appropriate for their business. And that challenge in the Board room should be minuted for future reference. You don’t need to be an expert, but you do need to have a good understanding of the basics, and your independent trusted advisors can support you on the details. Contact us to see how we can help you achieve what the regulators require of you.

Read More
Black Arrow Admincyber, information security, infosec, gfsc, jfsc, regulations, regulated financial service firms, governance, boards