๐Ÿ”’ Security Cyber2d ago

๐ŸŽฏ GRC isn't just for enterprises.

UK SMEs face the same threats with fewer resources.

That's exactly why Tier 1 scanning exists.

๐Ÿ—๏ธ Attack surface mapping โ€” know what you're missing. securitycyber.uk/blue-team

#CyberEssentials #GRC #Compliance #UKBusiness #RiskManagement #SecurityCyber

RichBartlett May 11
I laugh when I see organisations contorting themselves to comply with #cyberessentials (the governments own Cyber Security standard) whilst the cabinet and number 10 use Twitter, WhatsApp and personally owned devices apparently without a care in the world!
Outpost24Apr 24

๐—–๐˜†๐—ฏ๐—ฒ๐—ฟ ๐—˜๐˜€๐˜€๐—ฒ๐—ป๐˜๐—ถ๐—ฎ๐—น๐˜€ ๐˜ƒ๐Ÿฏ.๐Ÿฏ: From 27 April 2026, NCSC introduces a new self-assessment question set (Danzell) with tighter scope, clearer wording, and stricter evidence requirements.

The changes apply to all UK organizations handling business or customer data on internet-connected systems, and to suppliers bidding for government or public sector contracts where certification is mandatory.

๐Ÿ”ต Read more: https://outpost24.com/blog/cyber-essentials-v3-3-guide-compliance/?utm_source=linkedin&utm_medium=social&utm_campaign=linkedin_social_global

#CyberEssentials #RiskManagement #NCSC

alApr 20
What does "digital sovereignty" actually mean -- and what doesn't it mean?
We use the phrase a lot at @hauntedlighthouse. So here's our position, written down clearly.
Jurisdiction. Audit trails. Knowing who can be compelled by a court order to hand over your data. Not nationalism. Not isolationism. Not a routing table with opinions.
https://sovereignauditor.substack.com/p/what-digital-sovereignty-means-to
#DigitalSovereignty #DataProtection #CLOUDACT #CyberEssentials #IsleOfMan #InfoSec #Privacy #GDPR
What Digital Sovereignty Means to Us (And What It Doesn't)

The phrase โ€œdigital sovereigntyโ€ has been doing the rounds lately -- and not always in ways that are particularly illuminating. So it seems like a reasonable moment to say clearly what we mean when we

The Sovereign Auditor
alApr 19
MI5 is briefing CNI operators. The Technology Secretary says firms have months to prepare. On the Isle of Man, the biggest unaudited risk isn't your firewall -- it's your IT provider. The Island has been here before. https://open.substack.com/pub/sovereignauditor/p/the-island-has-been-here-before
#CyberSecurity #IsleOfMan #Mythos #CyberEssentials #DataProtection #NCSC #SovereignAuditor
The Island Has Been Here Before

And the firm that got breached probably thought its IT was fine.

The Sovereign Auditor
alApr 17

We called out Anthropic's Cyber Verification Program this morning as opaque gatekeeping. Then we applied. Approval came in under an hour. A Cyber Essentials cert and three honest sentences about what you actually do was sufficient. If you do legitimate security work and haven't applied -- the barrier is lower than it looks. https://open.substack.com/pub/sovereignauditor/p/if-you-dont-ask-youll-never-find

#CyberSecurity #CyberEssentials #Anthropic #Claude #AI #InfoSec #DataProtection #IsleOfMan

If You Don't Ask, You'll Never Find Out.

Anthropic's Cyber Verification Program: what it actually takes to get approved.

The Sovereign Auditor
alApr 16
Ireland's NCSC says defenders have the advantage. Their own director told the Oireachtas it's a race the frontier moves every week. Both true. Together they define a window. At Present -- on the Mythos moment and what "at present" actually means. https://open.substack.com/pub/sovereignauditor/p/at-present
#CyberSecurity #AIGovernance #Mythos #CyberEssentials #DataSovereignty
At Present

โ€œAt present the advantage is with cyber defenders.โ€

The Sovereign Auditor
alApr 14
Zero detections across 69 AV engines for a credential stealer delivered via a fake Windows Update site. WiX MSI, Electron wrapper, hidden Python runtime. Every layer legitimate. The evasion is architectural, not accidental. "We have AV" is not a compliance answer -- here's what is. https://sovereignauditor.substack.com/p/zero-detections-does-not-mean-clean #infosec #cybersecurity #CyberEssentials #patchmanagement
Zero Detections Does Not Mean Clean

A fake Windows Update site is delivering a credential stealer that 69 antivirus engines missed entirely. The technical construction is deliberate and instructive.

The Sovereign Auditor
BergerodeCyberMar 26

Today @bergerode_cyber are at the latest Lancashire Partnership against Crime expo, Ewood Park, Blackburn Rovers

Come and see us!

#cyberessentials
#cyberessentialsplus
#defencecybercertification

alFeb 19

The Haunted Lighthouse Limited has achieved Cyber Essentials certification (whole organisation scope).

Assessed under the IASME scheme, aligned with the UK National Cyber Security Centre baseline controls. Sensible fundamentals: patch management, MFA, least privilege, secure configuration, and disciplined backup practices.

Not glamorous, just solid security hygiene.

The lighthouse is officially audited.

#CyberEssentials #IASME #NCSC #CyberSecurity #InfoSec #SmallBusiness #PrivacyFirst