Change is constant in our world. Keeping pace with new thinking and practices is a given. This is a chance to explore a range of different ideas from industry experts.
If you manage risk, one vital part of your job is reporting your project’s status and results to other groups: the board, management, and external auditors. And when building reports, risk managers must pay careful attention to the relationships of the intended audiences.
We typically don't divulge much of our work, partly because we're security professionals, but also because we've been focused on building an exceptional business. Nevertheless, we are incredibly proud of our team, clients, and delivery. We want to express our gratitude to all those who have been a part of our journey.
Recently we discussed the security of RiskTree with a client, who ran through the NCSC Cloud Security Principles. Since RiskTree is delivered as software-as-a-service, this made sense. One point that arose was the lack of Multi-Factor Authentication (MFA) in use: CSP Principle 10 states that 2FA is ‘considered good practice’, using a hardware or software token, or an out-of-band challenge.