Cybersecurity

A Compass for Navigating Cyber Careers When someone says they work in cybersecurity, it could mean anything from cloud engineering to incident response, from red teams to risk governance. The field is vast and only getting more complex. Despite all the frameworks we use to secure systems, most organisations still lack a shared language for describing the people who do the work. That’s what the NICE Framework offers: a way to map roles, skills, and development pathways across the full cyber landscape. ...

Less than a month until the new American administration, Wired predicts what will change in US cybersecurity policy - and regulations. Wired predicts shifts in U.S. cyber policy under the new administration; if accurate, this would mean a lighter regulatory touch. It remains to be seen how industry will respond. [… ] “more regulation will be dismantled than introduced.” Biden’s presidency was “riddled with new cyber regulation” that sometimes confused and overburdened industry, he adds. “The new White House will be looking to reduce regulatory burdens while streamlining smart compliance.” ...

The US Government’s National Institute for Standards and Technology, known commonly as NIST, released its updated Cybersecurity framework in February. This was the first new version in 10 years, following the 1.0 version in 2014 that was primarily aimed at protecting US critical infrastructure. The new 2.0 version is international and aimed for broad consumption: drafted in collaboration with experts across 100 countries, it should also be easier to use. Version 2.0 also introduces a new category: Govern, recognising that the world has changed since 2014, with Cyber now an enterprise risk being discussed in the boardroom. ...

With the new UK Labour government, changes are expected in legislation and regulations for risk and resilience. The Cyber Security & Resilience Bill will be coming before Parliament in 2025, helping government ‘build a better picture’ of the cyber threat landscape. The Bill will [… expand] the remit of the existing regulation, putting regulators on a stronger footing, and increasing reporting requirements to build a better picture in government of cyber threats. ...

Prudential Standard 234 Information Security

The Cloud Control Matrix (CCM) is a cybersecurity control framework developed by the Cloud Security Alliance (CSA) that provides a comprehensive set of security and compliance controls for cloud computing environments. From the Cloud Security Alliance: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance. ...

Cyber security is not just an issue for the IT department. It is a business risk that affects everybody. Report: Cyber and the CFO

The Cyber Resilience Assessment Framework (C-RAF) was designed to help Hong Kong financial services organisations evaluate their ability to prepare for, respond to, and recover from cyber threats and incidents. C-RAF 2.0 provides a systematic approach for assessing critical systems, processes, and governance, focusing on strengthening resilience against evolving cyber risks. C-RAF was developed by the HKMA and is applicable for all Authorised Institutions, known as AIs, the banks and financial services organisations under HKMA supervision. ...

What is a Hypervisor? A hypervisor is software that allows multiple operating systems to run on a single physical machine by creating and managing virtual machines (VMs). Each VM operates like a separate computer, with its own OS, CPU, memory, and storage, while sharing the same underlying hardware. Hypervisors abstract and allocate physical resources to VMs, enabling isolation, efficiency, and flexible workload management. They’re a foundational component of cloud infrastructure, enterprise IT, and even some home labs. Common examples of hypervisor technologies include KVM, Xen, VMware ESXi, and Microsoft Hyper-V. ...