News & Events

Upcoming Events

See us at Infosec Europe 2020

One Compliance Blog

Keep Safe

Many of us are having home working thrust upon us due to the pandemic, which has led to changes for everybody. This means more pressure upon an already creaking IT department, which means that security is not featured as poignantly on the to-do list as it usually is. Unfortunately, cyber criminals and opportunists are helped rather than hindered by the lockdown and we are already seeing spikes in basic attacks such as phishing. The BBC has published an article pertaining to the same: https://www.bbc.co.uk/news/technology-51838468. A breach/compromise could not only affect the integrity of client and business


United We Stand, Divided We Fall

Tonight’s one of those nights where I’m burning the candle at both ends but before I sign off and hit the hay, I’ve had the thought “who will get breached tonight?”. Let’s be honest, there’s always somebody, and when it’s a high-profile case the jungle drums start beating and platforms such as LinkedIn are awash with sneers and jibes and industry vendors start dreaming up rumours about why these organisations were breached (it usually has something to do with them not using that particular vendor’s tech). Now, I’m probably being a little cynical because it’s late


Lies, damned lies and PCI DSS compliant E-Commerce hosting and service provision

As a PCI DSS Qualified Security Assessor, I’ve had this conversation far too many times now. Many hosting providers make claims of PCI DSS compliance; however, when trying to verify that compliance, we are met with obfuscation and frustration. I have seen so many certificates, ASV scan reports, merchant attestations and other documents which service providers hold up to claim PCI DSS compliance that it just isn’t funny anymore. Ultimately, it is the Merchant that has responsibility for PCI DSS compliance. It is the Merchant who owns the contract with the acquiring bank. It is the


Ransomware Mitigation Fundamentals

With the Travelex ransomware situation in the news, it is important for all information security folks to review ransomware mitigation strategies and be sure that plans are in place should the worst happen. Firstly, there is not, and is unlikely to be, any further detail on the Travelex situation. Any speculation as to what and how it happened is unhelpful and unnecessary. I have no doubt that Travelex will currently be unpicking their situation, and have all appropriate resources in place to remediate their problems. For the purposes of this blog, we are going to look at fundamental mitigation techniques


Is a present really a present?

The January blues are in full flow around the nation and not only am I in a grump but I’m being massively ungrateful to boot! Allow me to explain. This year, we moved to lovely new serviced offices and to prove that I’m not always in a crank, we participated in Secret Santa with the other companies who share office space here. Of course, I went all out (if you know, you know!) and in return I was given some chocolates and a notebook. Now, I love chocolate and I can never have enough notepads as I try and make


One Compliance are now CREST Accredited for Penetration Testing

We are pleased and extremely proud to announce that we have achieved CREST accreditation for our Penetration Testing services, an internationally recognised endorsement of our robust network security testing methodologies. CREST provides independent, verifiable third-party assessments of security testing businesses in the UK and across the world and gives clients a demonstrable level of assurance that the security testing processes and procedures being deployed meet the highest professional standards. Achieving the CREST accreditation required a rigorous assessment of our company business processes, data security and security testing methodologies. We at One Compliance have always striven to
