What is Zero Trust?

Zero trust is a cybersecurity concept with the principle of Never Trust, and Always Verify, requiring strict authentication and authorisation for every user and device as they access resources, and ongoing. Importantly the concept also assumes the network has hostile actors, sometimes termed Assume Breach. Zero trust as a concept differs from the previous security paradigm of securing the perimeter, or maintaining high castle walls. The term zero trust originated in 2010 with John Kindervag. It came as a fully-formed concept: we need to give up on the idea of trusted networks. ...

1 min

What was the TCFD?

The Task Force on Climate Related Financial Disclosures (TCFD) did work to help companies understand what information they should share about the risks and opportunities they face due to climate change. Their guidance was organised into four key areas: Governance, Strategy, Risk Management, and Metrics and Targets. The TCFD was set up in 2015 by the Financial Stability Board (FSB) because the lack of clear and consistent information on climate risks was making markets less efficient and was contributing to systemic risk. ...

1 min

Who are the leading GRC vendors?

Effective Governance, Risk, and Compliance (GRC) is essential for organisations seeking to enhance operational efficiency and minimise risk exposure. A well-implemented GRC framework not only ensures adherence to regulatory requirements but also fosters a culture of accountability and transparency. As the demand for GRC solutions grows, a diverse market of vendors has emerged, offering tools to automate and streamline the required processes. The following list highlights some key players in the GRC vendor landscape. ...

1 min

Why learn a scripting language?

What are scripting languages? Scripting languages are designed for automating tasks within specific runtime environments or applications. They are often interpreted, meaning their code is executed line-by-line by an interpreter rather than being compiled into machine code beforehand. This allows faster development cycles as changes can be tested immediately without a compilation step but may result in slower execution speeds compared to compiled languages. Scripting languages are commonly used for tasks such as: ...

2 min

ZAP (Zed Attack Proxy)

Zed Attack Proxy is a free and open-source web app scanner, originally developed within the OWASP community, with the project now managed by Checkmarx. Further reading Top 8 penetration testing tools (Snyk Blog) ZAP (Wikipedia) Zed Attack Proxy, by CheckMarx Install ZAP on MacOS (Homebrew) Related pages OWASP

1 min