Security & Resilience Dispatches

Due diligence and Due Care are two important concepts in security risk management that aim to reduce and manage potential risks. While they are related, they have distinct roles and functions. Let’s delve into the difference and overlap between the two: 1. Due Diligence: Due diligence refers to the process of conducting a comprehensive and proactive investigation or assessment before making a decision or taking action. In the context of Read more…

Duty of care is a legal concept that refers to the responsibility individuals or organizations have to act in a reasonable manner to prevent harm to others. It is a fundamental principle in various aspects of commerce and industry, emphasizing the need to exercise caution and take appropriate measures to protect the well-being of others who may be affected by their actions or decisions. In the Security and Risk Management Read more…

The corporate security industry can innovate in several ways to adapt to emerging threats and enhance its effectiveness. Like any sector, the core areas for innovative thinking may include personnel, equipment, facilities and training, to consultancy, intelligence, technology and software. Here are some potential areas for innovation: Advanced Technologies: Embrace and leverage advanced technologies to improve security measures. This includes adopting artificial intelligence (AI) and machine learning (ML) algorithms to Read more…

Generative AI refers to the subset of artificial intelligence that involves creating or generating content, such as text, images, or videos. While generative AI has many exciting applications, it also introduces potential security concerns. Here are some aspects to consider regarding the cybersecurity of generative AI: Data privacy: Generative AI models often require large amounts of data for training. Privacy concerns arise when sensitive or personally identifiable information is used Read more…

API security testing is an essential part of ensuring the integrity and protection of an API (Application Programming Interface). Here are some common methods and techniques used to test API security: Input Validation: Test the API for proper input validation to prevent common security vulnerabilities such as injection attacks (e.g., SQL injection, command injection). Verify that the API rejects or sanitizes invalid or malicious inputs. Authentication and Authorization: Test the Read more…

Cultural events such as music festivals can pose a significant security challenge. Several factors need to be considered to ensure the safety and well-being of attendees. Here are some key considerations: Threat Analysis: Assess potential threats specific to the event, such as terrorism, crowd-related incidents, theft, vandalism, and drug-related issues. Consider both external and internal threats. Venue Selection: Evaluate the suitability of the venue in terms of size, layout, accessibility, Read more…

Organisations are increasingly looking to technology as an enabler of their resilience programmes. Why? Because, by facilitating the aggregation of data across business continuity, (BC), operational resilience (OpRes), crisis management, risk and third-party teams, technology can solve many of the pain points faced, whilst improving the quality of best practice and change programmes overall. Technology enablement of their programmes is becoming a key priority. Companies are starting to understand the Read more…

The cyber kill chain, also known as the Lockheed Martin Cyber Kill Chain, is a concept and framework used in the field of cybersecurity to describe the stages of a cyber attack. It provides a systematic approach to understanding and countering the various steps involved in a typical cyber attack. The concept was initially developed by Lockheed Martin in 2011. The cyber kill chain consists of several stages or steps Read more…