Expert analysis on EU cyber regulation, risk management, and security strategy — written by practitioners for practitioners.
A comprehensive technical breakdown of the NIS2 Directive — covering scope, obligations, security measures, incident reporting requirements, and enforcement. Essential reading for CISOs, compliance managers, and technical teams preparing for implementation across the EU and beyond.
The Cyber Resilience Act introduces mandatory security and transparency requirements for product manufacturers. We break down the key obligations, compliance timeline, and practical implementation considerations for hardware and software vendors.
New to NIS2? We guide you through building a security programme that meets the Directive's governance, risk management, and incident response requirements. Step-by-step practical advice for organisations starting their compliance journey.
Not every organisation needs (or can afford) a full-time Chief Information Security Officer. We explore when fractional CISO services deliver value, how to structure the engagement, and what to expect from on-demand security leadership.
NIS2 extends responsibility to third-party and supplier risk. Learn how to map your supply chain dependencies, assess vendor risk maturity, and implement practical controls that satisfy regulatory expectations without creating operational friction.
ISO 27005 is the foundation for structured risk management. This guide walks through the risk identification, analysis, and treatment process — with real-world examples of how to make risk management speak the language of your business and board.
The Digital Operational Resilience Act reshapes how financial services firms manage ICT risk. We break down the testing requirements, incident thresholds, third-party risk management, and governance expectations — with a focus on practical implementation.