Insights and Guides

Practical cybersecurity guides for leaders, IT teams and security owners.

Use these guides to prepare for incidents, improve controls, understand frameworks and build stronger security operations.

Incident Response

Guide · 8 min

What to do in the first 24 hours after a breach

A practical first-response guide for containment, evidence preservation and decision-making.

Guide · 12 min

How to write an incident response plan that works

Build an IR plan that helps during real incidents, not just audits. Decision authority, evidence checklists and testing.

Checklist · 7 min

Ransomware containment checklist

Steps to stabilise the environment without destroying evidence or blocking investigation.

Guide · 6 min

Business email compromise response guide

Mailbox triage, forwarding rule checks, OAuth review, password resets and stakeholder communications.

GRC and Assurance

Guide · 9 min

Essential Eight, ISO 27001 and NIST CSF: how they fit together

Understand how common frameworks support baseline hardening, management systems and risk communication.

Guide · 10 min

How to report cybersecurity to a board

Structure, metrics and language that help board members make risk decisions instead of glazing over.

Guide · 7 min

Preparing for customer security questionnaires

How to build reusable evidence instead of answering every assurance request from scratch.

Guide · 6 min

What auditors usually expect from control evidence

How to move from policy statements to operating evidence, owners, timestamps and repeatable review cycles.

Cloud and Identity

Guide · 8 min

Cloud misconfiguration: controls that usually matter first

IAM, logging, public exposure, backups, secrets and network controls to prioritise early.

Checklist · 6 min

Privileged access review checklist

A practical checklist for reviewing administrator access, exceptions and approval pathways.

Guide · 7 min

Conditional access baseline

Common identity policies that reduce account compromise risk while remaining practical for users.

Security Operations

Guide · 8 min

Why EDR is not enough without an operating model

EDR tools need ownership, triage, tuning, escalation and response authority to deliver value.

Template · 6 min

Basic SOC operating model

A lightweight model for alert intake, triage, escalation, evidence capture and reporting.

Guide · 5 min

Security metrics that actually matter

Move beyond alert counts and track whether response, coverage and control maturity are improving.
