Notes (alphabetical)
Search to quickly find notes, articles, guides, and resources across the site.
Search to quickly find notes, articles, guides, and resources across the site.
Context Understanding organisational structures is vital for career progression. If you are moving from an operational role into a governance, oversight, or more senior management position, grasping the distinction between executing controls and overseeing them is essential. Definition Within the standard governance model, the second line of defence consists of the functions responsible for defining risk management frameworks and compliance standards. Typical second-line functions include Risk Management, Compliance, and Legal departments. ...
STRIDE is a threat modelling methodology developed within Microsoft, and is a mnemonic for six security threat categories. In plain language, STRIDE can thought to stand for: Spoofing - pretending to be someone else Tampering - messing with stuff you’re not supposed to Repudiation - denying you did something, even if you did Information Disclosure - exposing private information Denial of Service - crashing a system so nobody can use it Elevation of Privilege - gaining access you shouldn’t have Further reading Conducting a STRIDE-based threat analysis - UK Government guidance STRIDE Model - Microsoft Learn Related pages Threat Modelling
Zero trust is a cybersecurity concept with the principle of Never Trust, and Always Verify, requiring strict authentication and authorisation for every user and device as they access resources, and ongoing. Importantly the concept also assumes the network has hostile actors, sometimes termed Assume Breach. Zero trust as a concept differs from the previous security paradigm of securing the perimeter, or maintaining high castle walls. The term zero trust originated in 2010 with John Kindervag. It came as a fully-formed concept: we need to give up on the idea of trusted networks. ...
The Task Force on Climate Related Financial Disclosures (TCFD) did work to help companies understand what information they should share about the risks and opportunities they face due to climate change. Their guidance was organised into four key areas: Governance, Strategy, Risk Management, and Metrics and Targets. The TCFD was set up in 2015 by the Financial Stability Board (FSB) because the lack of clear and consistent information on climate risks was making markets less efficient and was contributing to systemic risk. ...
Effective Governance, Risk, and Compliance (GRC) is essential for organisations seeking to enhance operational efficiency and minimise risk exposure. A well-implemented GRC framework not only ensures adherence to regulatory requirements but also fosters a culture of accountability and transparency. As the demand for GRC solutions grows, a diverse market of vendors has emerged, offering tools to automate and streamline the required processes. The following list highlights some key players in the GRC vendor landscape. ...