Cloud Control Matrix (CCM)

The Cloud Control Matrix (CCM) is a cybersecurity control framework developed by the Cloud Security Alliance (CSA) that provides a comprehensive set of security and compliance controls for cloud computing environments. From the Cloud Security Alliance: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance. ...

1 min

Cyber and the CFO / ACCA & CA ANZ

Cyber security is not just an issue for the IT department. It is a business risk that affects everybody. Report: Cyber and the CFO

1 min Â· ACCA & CA ANZ

Cyber Resilience Assessment Framework 2.0 (HKMA)

Context For technology and risk professionals working within Hong Kong’s banking sector, the C-RAF is the inevitable baseline for cyber compliance. Understanding its structure is not just a regulatory requirement for the institution, but a core competency for those managing governance or operational risk. This note outlines the framework’s architecture and the regulator’s expectations. The Cyber Resilience Assessment Framework (C-RAF) is the mechanism by which the Hong Kong Monetary Authority (HKMA) measures the cyber maturity of Authorised Institutions (AIs). ...

2 min Â· Graeme Milroy

Cybersecurity vendors

AuditBoard — Audit, risk, and controls management platform. BeyondTrust — Privileged access and endpoint security solutions. BitSight — Security ratings platform for vendor and third-party risk. Check Point — Network security appliances and threat prevention. Cloudflare CrowdStrike — Cloud-native endpoint detection and response (EDR). CyberArk — Privileged access management and secrets vaulting. Darktrace — AI-based cyber defence for networks and cloud. ForgeRock — Identity and access management for complex enterprises. MetricStream — GRC and compliance management software for large enterprises. Microsoft Defender — Microsoft’s endpoint and cloud threat protection suite. Microsoft Entra — Microsoft’s suite for identity and access, including Azure AD. Okta — Leading identity and access management (IAM) service. OneTrust — Privacy, risk, and trust platform widely used for GDPR and compliance. Palo Alto Prisma — Cloud security platform for apps, data, and networks. Ping Identity — Enterprise IAM with single sign-on, MFA, and API security. Qualys — Vulnerability management and compliance scanning. RSA Archer — Integrated risk management platform for enterprise GRC programs. SailPoint — Identity governance and lifecycle management. SentinelOne — AI-driven EDR and XDR for endpoints and workloads. ServiceNow GRC — Governance, risk, and compliance workflows built into the ServiceNow platform. Sophos — Unified threat management and endpoint protection. Tenable — Cyber exposure platform, best known for Nessus scanning. Trend Micro — Endpoint, cloud, and hybrid security software. UpGuard — Third-party risk and attack surface monitoring. Vanta — Automated security and compliance monitoring, especially for SOC2. Wiz — Cloud security posture management for AWS, Azure, GCP. Zscaler — Cloud-based secure web gateway and zero-trust access.

2 min

What is a Hypervisor? Origins, Security Benefits, and Future Relevance

What is a Hypervisor? A hypervisor is software that allows multiple operating systems to run on a single physical machine by creating and managing virtual machines (VMs). Each VM operates like a separate computer, with its own OS, CPU, memory, and storage, while sharing the same underlying hardware. Hypervisors abstract and allocate physical resources to VMs, enabling isolation, efficiency, and flexible workload management. They’re a foundational component of cloud infrastructure, enterprise IT, and even some home labs. Common examples of hypervisor technologies include KVM, Xen, VMware ESXi, and Microsoft Hyper-V. ...

4 min