What is the Gilt Market?

What is a Gilt? Gilts are bonds issued by the UK government to raise funds from investors. These securities are considered low-risk investments because they are backed by the UK government. Gilt holders receive regular coupon payments, which represent the interest earned on the bond. Gilts come in various forms, including conventional gilts (which pay a fixed coupon), and index-linked gilts (where the coupon and principal are linked to inflation). ...

1 min

What is the least privilege principle?

Further reading Least privilege - NIST Glossary Enhance security with the principle of least privilege - Microsoft Learn Minimise the privilege and reach of applications - NCSC Principle of least privilege - Wikipedia

1 min

What Is the Model Context Protocol (MCP)? How AI Models Share Information

Model Context Protocol (MCP) is an open standard developed by Anthropic that defines how AI models share structured context - including messages, observations and actions - in a predictable and machine-readable way. Released in early 2024, MCP has been described as an “API for AI models”. However, describing it as just an API underplays its fundamental purpose: to provide a common, structured language for inter-model communication, which goes beyond a simple API call and introduces new considerations for systems design and governance. ...

7 min

What is the second line of defence (2lod)?

Context Understanding organisational structures is vital for career progression. If you are moving from an operational role into a governance, oversight, or more senior management position, grasping the distinction between executing controls and overseeing them is essential. Definition Within the standard governance model, the second line of defence consists of the functions responsible for defining risk management frameworks and compliance standards. Typical second-line functions include Risk Management, Compliance, and Legal departments. ...

2 min

What is the STRIDE Threat Model?

STRIDE is a threat modelling methodology developed within Microsoft, and is a mnemonic for six security threat categories. In plain language, STRIDE can thought to stand for: Spoofing - pretending to be someone else Tampering - messing with stuff you’re not supposed to Repudiation - denying you did something, even if you did Information Disclosure - exposing private information Denial of Service - crashing a system so nobody can use it Elevation of Privilege - gaining access you shouldn’t have Further reading Conducting a STRIDE-based threat analysis - UK Government guidance STRIDE Model - Microsoft Learn Related pages Threat Modelling

1 min