What is the difference between OT security and IT security?

Operational Technology (OT) security and Information Technology (IT) security are two distinct domains of cybersecurity, each focused on protecting different types of systems and infrastructure within an organization. Here are the key differences between OT security and IT security: Scope and Focus: IT Security: IT security primarily focuses on protecting digital information, computer systems, networks, and data. It deals with safeguarding information assets such as databases, servers, laptops, desktops, and Read more…

How do you undertake threat modelling?

Threat modeling is a systematic process for identifying and assessing security threats and vulnerabilities in a system, application, or organization. It helps you proactively identify potential risks and take appropriate measures to mitigate them. Here’s a step-by-step guide on how to undertake threat modeling: Define the Scope: Clearly define what you are threat modeling. It could be a specific application, a system, a network, or an entire organization. Identify Assets: Read more…

What is the 4th Turning and what are the Implications for Civil Security?

The Fourth Turning is a theory proposed by historians William Strauss and Neil Howe in their 1997 book titled “The Fourth Turning: An American Prophecy.” The theory suggests that history can be divided into four generational cycles, or “turnings,” each lasting about 20-25 years. These turnings are characterized by distinct social, political, and cultural dynamics. First Turning: High (The High) – This is a period of strong institutions and societal Read more…

How do you Choose which Cyber Security Course to Take?

It is always hard to know which is the best cybersecurity training course to do when you are presented with a saturated market. It’s an important investment, not only financially, but also in terms of your time and effort. You need to ensure that the course you choose aligns with your goals and provides a worthwhile return on your investment. To avoid disappointment, performing due diligence is very important to Read more…

Why is Pre-Deployment Hostile Environment Awareness Training Important?

Five reasons why providing hostile environment awareness training to employees before deploying them to high-threat environments is important: 1. Personal Safety: Training equips employees with vital skills and knowledge to recognize, avoid, and respond to potential dangers, minimizing risks to their personal safety and well-being. 2. Risk Mitigation: By preparing employees for hostile environments, organizations can reduce the likelihood of incidents, lawsuits, and reputational damage arising from inadequate preparation or Read more…

What is a “Complex” Security Environment?

A complex security environment refers to a situation in which various interconnected and interdependent factors contribute to a heightened level of uncertainty, volatility, and risk within the realm of security. This environment is characterized by a multitude of dynamic and evolving challenges that may include geopolitical tensions, technological advancements, socio-economic disparities, and diverse threat actors. Key features of a complex security environment include: Multiple Threat Actors: A diverse range of Read more…

Security of Conferences – Basic Considerations

Some companies hired to provide security at conferences cannot undertaken even basic measures. Here are some rules and best practices to follow (in general – and all depends on the overarching risk assessment in view of the nature and size of the conference etc). 1. Identification and access control measures: This includes issuing identification badges to all attendees, staff, and vendors, and implementing access control measures such as checkpoints, turnstiles, Read more…

How to Build Robust Business Resilience

Marshal’s core purpose to provide strategic resourcing support to organistion operating in dynamic security environments. Underlying this is the objective of each organistion to defend their business value against unexpected disruption. Building robust business resilience is crucial for organizations to withstand disruptions and challenges while continuing to thrive. Here are some steps to help you develop a resilient business: Risk Assessment and Scenario Planning: Start by identifying potential risks that Read more…

What are the Principles of Crisis Management?

Crisis management involves the strategic planning and response to unexpected and disruptive events that can potentially harm an organization’s reputation, operations, or stakeholders. Successful crisis management is crucial for minimizing damage and maintaining the organization’s resilience. Below are some key principles of crisis management: Preparedness: Being proactive and ready for potential crises is essential. This involves conducting risk assessments, scenario planning, and developing a comprehensive crisis management plan. Preparedness ensures Read more…

The Difference Between Due Diligence and Due Care in Security Risk Management

Due diligence and Due Care are two important concepts in security risk management that aim to reduce and manage potential risks. While they are related, they have distinct roles and functions. Let’s delve into the difference and overlap between the two: 1. Due Diligence: Due diligence refers to the process of conducting a comprehensive and proactive investigation or assessment before making a decision or taking action. In the context of Read more…