Winter Reads: Our 10 Favourite ISMS.online Blogs of 2024
Table Of Contents:
- 1) The CrowdStrike Outage: A Case for Reinforcing Incident Response with ISO 27001
- 2) What the EU AI Act Means for Your Business
- 3) How Businesses Can Prepare for the Implementation of DORA
- 4) How Businesses Can Comply with NIS 2 Ahead of its October Deadline
- 5) Everything You Need to Know About ISO 45001
- 6) Your 10-Step Roadmap to a Robust ISMS
- 7) What’s in a Breach? How to Minimise Incidents and Costs
- 8) What Does the Australian Cyber Security Strategy Mean for Your Business?
- 9) What’s in the New US International Cyber Strategy?
- 10) ISO 9001 Explained: A Comprehensive Guide to Quality Management Systems
- 11) Unlocking Your AI Security Compliance Advantage
2024 has been a banner year for developments in information security, including standards and regulations. Artificial intelligence (AI) has seen significant growth globally, with new regulations either coming into force or being considered in response to the technology’s capabilities. The EU Artificial Intelligence (AI) Act came into force on August 1st, while the US has developed legislation and regulations at state rather than federal level.
More broadly, 2024 saw Australia release a new Cyber Security Strategy and Cyber Security Act intended to position the country as a global leader in cybersecurity by 2030. The US shared its strategy to build a stronger, more secure digital ecosystem across the globe with its International Cyberspace and Digital Policy Strategy.
As the world of cybersecurity continues to change at pace, our contributors have shared their expert insights and updates on new developments. In this blog, we share our top ten favourite Winter Reads to help you keep up with regulatory and legislative developments as well as key global news.
The CrowdStrike Outage: A Case for Reinforcing Incident Response with ISO 27001
In July, a botched software update by CrowdStrike led to a global IT outage that impacted everything from airlines to critical healthcare systems. The incident highlighted the need for organisations to establish and implement incident response protocols, as well as enhance their security posture.
In this blog, Rene Millman discusses the events that led to the outage, who was affected and why understanding and addressing potential vulnerabilities in your supply chain is so important. He outlines:
✅ The impact of the CrowdStrike incident and how it was resolved
✅ How information security standards like ISO 27001 can help businesses develop robust incident response plans
✅ How ISO 27001 best practices enable organisations to increase resilience and improve risk management and mitigation.
What the EU AI Act Means for Your Business
Although the EU AI Act is a European Union law, British technology companies looking to offer their AI services and models in the EU market still need to comply.
In this blog, Nicholas Fearn looks at the impact of the EU AI Act on UK businesses and discusses:
✅ The critical updates in the final version of the Act
✅ Potential changes UK organisations will need to make to their compliance programmes
✅ How companies can use ISO 42001 to streamline their EU AI Act compliance.
How Businesses Can Prepare for the Implementation of DORA
The EU Digital Operational Resilience Act (DORA) is set to apply to businesses from January 17th, and aims to boost the cybersecurity of financial institutions as well as third-party ICT service providers. UK businesses that supply financial or ICT services to European clients will also need to comply with the act to continue doing business in the EU.
Nicholas Fearn looks at how businesses can prepare for DORA and ensure compliance with the legislation in this blog, including:
✅ The importance of taking a structured approach to compliance and ensuring your organisation meets DORA obligations before the deadline
✅ How UK businesses can increase overall market competitiveness by adhering to DORA
✅ Why organisations must perform thorough due diligence on their third-party ICT service providers to manage outside risk factors
✅ How best practice frameworks like ISO 27001 can provide a baseline for meeting DORA requirements.
How Businesses Can Comply with NIS 2 Ahead of its October Deadline
The second iteration of the EU’s Network and Information Systems (NIS 2) directive was implemented in October this year. The new and updated directive provides legal measures that aim to improve the collective cybersecurity of every EU member state, including tackling cybercrime and facilitating cybersecurity intelligence sharing and cooperation.
Nicholas Fearn shares how businesses can ensure compliance with the NIS 2 directive in the blog, discussing:
✅ How NIS 2 and its risk management and reporting requirements impact UK organisations
✅ The advantages of a strong cybersecurity posture and improved cyber resilience
✅ Steps that impacted businesses can take to assess their cyber posture, evaluate supply chain risks and ensure compliance.
Everything You Need to Know About ISO 45001
ISO 45001 is an international occupational health and safety standard, providing a framework for organisations to implement and continually improve an occupational health and safety management system.
In our in-depth guide, Christie Rae outlines everything you need to know about the standard, including:
✅ The core tenets of ISO 45001
✅ A breakdown of the seven clauses that make up the standard’s requirements
✅ Key benefits of getting your organisation certified
✅ Essential ISO 45001 certification requirements
✅ A look at the ISO 45001 auditing and assessment process.
Your 10-Step Roadmap to a Robust ISMS
An effective information security management system (ISMS) is key to protecting your organisation’s data, mitigating cyber risk and ensuring compliance with relevant laws and regulations. As the cost of data breaches continues to increase and cyber threats become more sophisticated, it’s vital that your organisation has a strategy in place to protect the information it holds.
In this blog, Christie Rae shares our ten-step roadmap to developing, implementing and improving your ISMS, including:
✅ Choosing your ISMS framework, for example ISO 27001 or NIST CSF
✅ Developing your organisation’s approach to risk assessment
✅ Defining your policies and procedures for information protection, management and transfer
And more…
What’s in a Breach? How to Minimise Incidents and Costs
The latest edition of the IBM Cost of a Data Breach report shows that costs are continuing to rise, with an average cost of $4.5m (£3.6m) per breach in the UK. Globally, the figure is almost $4.9m (£3.8m) per breach – 10% higher than last year. As cyber threats continue to grow, organisations must be more proactive than ever to minimise incidents.
In this blog, Phil Muncaster discusses findings from the IBM report and how organisations can reduce the risk of data breaches. He covers:
✅ Key factors behind the growing data breach costs for UK organisations
✅ How implementing employee training as part of a thorough approach to cyber risk management can help organisations reduce data breaches
✅ How best practice frameworks and standards like ISO 27002, SOC 2 and NIST CSF enable organisations to build strong cybersecurity practices.
What Does the Australian Cyber Security Strategy Mean for Your Business?
The Australian government released its Cyber Security Strategy 2023-2030 in November 2023, aiming to position the country as a world leader in cybersecurity by 2030. This includes the Cyber Security Act, which addresses legislative gaps to bring Australia in line with international best practices.
Phil Muncaster looks at the Cyber Security Strategy in the blog, discussing:
✅ The six ‘cyber shields’ that make up the Australian Cyber Security Strategy
✅ What Australian organisations need to do to align with the strategy
✅ How ISO 27001 and other best practice frameworks can help organisations combat cyber threats.
What’s in the New US International Cyber Strategy?
In May 2024, the US unveiled the United States International Cyberspace & Digital Policy Strategy (ICDPS) with the aim to build a stronger, more secure digital ecosystem across the world. The document builds on the 2023 US National Cybersecurity Strategy, which also featured a pillar dedicated to international collaboration and consensus.
In this blog, Danny Bradbury looks at the ICDPS and explores how it impacts businesses, including:
✅ The three foundational principles and four key action areas defined by the strategy
✅ Key takeaways from the ICDPS for the private sector
✅ The importance of good digital governance practices, including cybersecurity hygiene and responsible use of technologies.
ISO 9001 Explained: A Comprehensive Guide to Quality Management Systems
ISO 9001, the international standard for quality management, provides a framework for organisations to build, maintain and continually improve a quality management system (QMS). Certification to the standard helps organisations streamline operations, improve customer satisfaction and ensure products or services meet or exceed customer and regulatory benchmarks.
In her blog, Rebecca Harper takes a deep dive into the ISO 9001 standard, its requirements and how to get certified, including:
✅ The seven core quality management principles of ISO 9001
✅ Key ISO 9001 clauses and their purpose when building your QMS
✅ The certification process and continual improvement
✅ Benefits of ISO 9001 certification
✅ Best practices for implementing ISO 9001 within your business.
Unlocking Your AI Security Compliance Advantage
The information security regulatory landscape is still developing rapidly. When it comes to AI, legislation is starting to pass at the state level in the US, and Standards Australia has adopted ISO 42001 to help organisations use AI effectively and responsibly.
We’ll continue to feature the latest insights and updates on all things information security. Whether you’re preparing to align with upcoming regulatory requirements, seeking to improve your organisation’s information security compliance, or looking to learn more about global information security legislation and standards, you can rely on our blog to deliver the insights you need to stay informed.