Test schedule
ISMS.online Blog
Compliance Matters
Keeping you up-to-date on the world of information security and compliance.
Test Sched
As Optus Is Sued, What Went Wrong and What Lessons Can We Learn?
The wheels of justice move slowly sometimes. So it is in Australia, where the privacy regulator has finally filed civil penalty proceedings against...
In the Spotlight
Catch up with the stories that have caught our eye this month
Email Scammers are Evolving: Here’s How to Protect Yourself
Cybercriminals are rattling corporate door knobs on a constant basis, but few attacks are as devious and brazen as business email compromise (BEC)....
Some Vulnerabilities Are Forgivable, But Poor Patch Management Is Not
At the start of the year, the UK’s National Cyber Security Centre (NCSC) called on the software industry to get its act together. Too many &#...
The Cybersecurity Implications of AI Platform Breaches
Artificial intelligence is finding its way into everything from cat flaps to ‘smart’ backyard grills – and of course, you canR...
When Legacy Systems Fail: Lessons from the Federal Courts Breach
Cyber attacks happen every day, but some are especially chilling. An attack this summer on the US court system should have sent chills down every s...
Everything You Need to Know About the Data Use and Access Bill
The UK’s new Data Use and Access Bill (DUAA) received Royal Assent on 19 June 2025, marking a refresh to the country’s data protection ...
Everything You Need to Know About the Data Use and Access Bill
The UK’s new Data Use and Access Bill (DUAA) received Royal Assent on 19 June 2025, marking a refresh to the country’s data protection ...
EU AI Act: The New Content Training Summary Template for GPAI Providers
What is the Content Training Summary Template? The European Commission recently released an explanatory notice and template to help providers of g...
OT Risk Could Be a $330bn Problem: How Do We Solve It?
Business leaders neglect operational technology (OT) risk at their peril. These are the systems that power some of the UK’s most critical national ...
Stay ahead of the headlines with the IO newsletter
Get a monthly round-up of all the information, privacy and cyber security news direct to your inbox.
What’s in the New EU AI Act General Purpose AI Code of Practice?
The EU AI Act’s first provisions, such as those on prohibited AI practices, took effect in February 2025. A phased rollout of requirements continue...
A Surge in VPN Use Could Be Risky for Businesses: Here’s How to Respond
The Online Safety Act (OSA) is one of the longest and most complex laws on the UK’s statute books. It’s also one of the most controversial, contain...
IO Retains G2 Grid® Leader Title in GRC for Fall 2025
We’re delighted to share that IO has been named a Leader in the G2 Grid® Reports for Fall 2025. This quarter, ISMS.online achieved ten badges in th...
Popular Categories
Information Security
Cyber security
Data Privacy
Data Protection
ISO 27001
When Legacy Systems Fail: Lessons from the Federal Courts Breach
Cyber attacks happen every day, but some are especially chilling. An attack this summer on the US court system should have sent chills down every s...
EU AI Act: The New Content Training Summary Template for GPAI Providers
What is the Content Training Summary Template? The European Commission recently released an explanatory notice and template to help providers of g...
OT Risk Could Be a $330bn Problem: How Do We Solve It?
Business leaders neglect operational technology (OT) risk at their peril. These are the systems that power some of the UK’s most critical national ...
What the US AI Action Plan Means
The White House unveiled a sweeping AI action plan in July that reshapes America’s approach to governing AI. It’s a huge pivot from the...
Qantas Data Breach: Why Vendor Oversight Must Be a Compliance Priority
A recent Qantas data breach compromising the personal information of 5.7 million customers has highlighted the ongoing cybersecurity risk that thir...
British Companies Are Losing the Fight Against Ransomware: What Gives?
Just before the Easter bank holiday weekend, Marks & Spencer was plunged into one of the worst ransomware breaches the country has seen in rece...
Beyond Representation – Why Inclusion Is a Business-Critical Risk Strategy
In cybersecurity, we talk a lot about risk, assessing it, prioritising it, and mitigating it. We measure maturity in frameworks, implement controls...
DORA: Six Months on and Plenty of Work Still to Do
Security and compliance teams had a busy start to 2025. Sandwiched between the deadline for member states to implement NIS 2 into local law and the...
Supply Chains Are Complex, Opaque and Insecure: Regulators Are Demanding Better
What do Marks & Spencer and Jaguar Land Rover (JLR) have in common? They both suffered significant ransomware breaches this year after threat a...
