What is security testing?

Further reading Security Testing - UK Cyber Security Council Continually test your security - NCSC Penetration testing - NCSC Guidance Perform security​ testing - Microsoft Security Engineering

1 min

What is the Azure Shared Responsibility Model?

The Azure Shared Responsibility Model outlines the division of security responsibilities suggested by Microsoft between themselves and their customers for managing the cloud. Understanding this model is important for ensuring that both parties effectively manage and secure their cloud environments. Further reading Shared responsibility in the cloud - Microsoft Related pages Shared Responsibility Model

1 min

What is the Consensus Trap?

The consensus trap occurs when decision-making is stalled by the pursuit of unanimous agreement. While seeking input and alignment is valuable and at times essential, excessive focus on consensus can lead to wrong decisions, delays, weak compromises, or complete inaction altogether. When organisations prioritise harmony over progress, they risk avoiding hard but necessary choices. This is particularly problematic in fast-moving environments where decisive action is critical. How to avoid the consensus trap The principle of disagree and commit helps counteract this by allowing debate during deliberation but requiring commitment once a decision is made. Strong leaders will encourage diverse perspectives, while ensuring execution isn’t stalled by lack of full agreement. ...

1 min

What is the Continuous Audit Metrics Catalogue ?

The Continuous Audit Metrics Catalog, from the Cloud Security Alliance provides a set of metrics to help organisations continuously monitor and assess their cloud security posture. Further reading The Continuous Audit Metrics Catalog Related pages Cloud Security Alliance Cloud Control Matrix

1 min

What is the first line of defence (1lod)?

The first line of defence in an organisation is responsible for owning and managing risks. This includes implementing and maintaining effective internal controls, and executing day-to-day operational activities to ensure compliance with policies and procedures. Related pages Three lines of defence Second line of defence

1 min