Information Security

Security Audit

A systematic evaluation of an organisation's information system security by measuring compliance with established criteria.

Compliance Framework

A structured set of guidelines and best practices for meeting regulatory requirements and industry standards.

ISO 27001

An international standard for information security management systems specifying requirements for establishing and maintaining security.

SOC 2

An auditing framework that evaluates the security, availability, processing integrity, confidentiality, and privacy of service organisations.

NIST Cybersecurity Framework

A set of voluntary guidelines for managing and reducing cybersecurity risk developed by the US National Institute of Standards.

Cyber Insurance

Insurance coverage protecting organisations against financial losses from cyberattacks, data breaches, and related incidents.

Threat Modelling

A structured approach for identifying, quantifying, and addressing security threats to a system or application.

Security by Design

An approach that integrates security considerations into every stage of the software development lifecycle.

DevSecOps

An approach integrating security practices within the DevOps process, making security a shared responsibility.

Software Supply Chain Security

Practices and tools that protect the integrity of software components, dependencies, build pipelines, and distribution channels from compromise and tampering.

Cloud Security Posture Management

Automated tools that continuously assess cloud infrastructure configurations against security best practices and compliance requirements, identifying and remediating misconfigurations.

Authentication methods such as FIDO2 passkeys and hardware security keys that are immune to phishing attacks because credentials are cryptographically bound to the legitimate service.

The practice of reporting security vulnerabilities to software vendors so they can be fixed before public exploitation.

The total number of points where an unauthorised user can try to enter or extract data from a system.

Evidence-based knowledge about adversary capabilities, infrastructure, motives, and tactics that informs security decisions and enables proactive defence against cyber attacks.

Malicious software designed to disrupt, damage, or gain unauthorised access to computer systems.

A targeted phishing attack directed at specific individuals or organisations using personalised deceptive content.

A cloud architecture that converges networking and security services including SD-WAN, firewall, and zero trust access into a unified cloud-delivered platform.

An attack where the attacker secretly relays and potentially alters communication between two parties.