System and Organisation Controls 2: A Guide to SOC 2 Audits
22 April 2025
The System and Organisation Controls (SOC) 2 framework was developed by the American Institute of CPAs (AICPA), the national organisation for Certified Public Accountants (CPAs). However, the framework is not only relevant to the USA and organisations based there. A big driver for SOC 2 compliance in Europe is US firms looking for assurance from their European supply chain partners, making SOC 2 compliance increasingly relevant in sectors such as Defence, Health, Finance, and Technology. In...
Enhancing Cybersecurity in the Financial Industry: A Comprehensive Guide to Swift Customer Security Programme (CSP)
20 January 2025
In an era of rapid technological advancements, the financial industry has witnessed a significant transformation in transactions and communications. One of the key players in this landscape is the Society for Worldwide Interbank Financial Telecommunication (Swift), which facilitates secure and standardised messaging services for financial institutions worldwide. As the financial sector becomes increasingly interconnected and reliant on technology, the need for robust cybersecurity...
DORA Whitepaper
8 November 2024
This white paper examines the Digital Operational Resilience Act (DORA), an EU regulation aimed at strengthening cybersecurity and operational resilience in the financial sector. It details compliance requirements, including threat-led penetration testing, and highlights DORA's role in mitigating cyber risks, ensuring service continuity, and enhancing third-party risk management.
The AI Act - Whitepaper
22 April 2024
This white paper explores the contrasting regulatory frameworks for artificial intelligence (AI) in the European Union and the United Kingdom. It aims to illuminate their implications for AI system creators and provide a guide for navigating these diverse legal landscapes.
CQUEST Whitepaper
27 February 2024
The Bank of England is working to ensure that the financial sector in the UK is resilient to any disruptions to its operations. The financial sector includes banks, building societies, insurers, and financial market infrastructure providers (FMIs). They carry out this work together with the UK’s two other financial authorities: HM Treasury and the Financial Conduct Authority.Operational disruption to important business services could impact financial stability, threaten the safety and...
GovAssure Whitepaper
31 October 2023
With an ever-growing threat facing HM Government (HMG), cyber security capability has become ever more important and critical to ensuring the UK remains safe and secure. GovAssure is an enhanced cyber security programme that has been implemented by HMG to ensure IT systems are protected from this growing threat. GovAssure is run by the Cabinet Office’s Government Security Group (GSG), with input from the National Cyber Security Centre (NCSC). This whitepaper aims to explain and provide an...
MoD Secure by Design Whitepaper
31 August 2023
There are very few threats that are faced by individuals, organisations and governments alike; at the precipice of them all, in our current age, are cyber-attacks. Any number of actors, be they state-backed, hacktivists or organised criminals, have the potential to circumvent the security procedures and barriers created to protect information of value. The UK Ministry of Defence (MoD) has now released a new policy for managing the through-life cyber security of projects and programs, to...
CraftCMS Whitepaper
30 August 2023
In the ever-evolving landscape of cybersecurity, recent scrutiny has unveiled two critical vulnerabilities within CraftCMS, identified as CVE-2023-36259 (Stored XSS) and CVE-2023-36260 (DoS). The first vulnerability, CVE-2023-36259, highlights a Stored Cross-Site Scripting flaw stemming from deficient input validation within CraftCMS's Audit Plugin. Malicious actors are able to exploit this vulnerability by introducing malevolent JavaScript code during the user creation phase.
CREST OVS Whitepaper
29 August 2023
AMR CyberSecurity has recently been accepted into the CREST OVS scheme, demonstrating our commitment to maintaining the highest standards of cybersecurity excellence. CREST OVS is a quality assurance standard for the global application security industry, providing mobile and web app developers with greater security assurance and accredited organisations with enhanced access to the growing app development industry.
Impacts of AI and MI on PCI DSS and Leveraging Technical Controls
28 July 2023
The rapid advancements in Artificial Intelligence (AI) and Machine Intelligence (MI) technologies have brought about a paradigm shift in various industries, including cybersecurity. As organisations increasingly adopt AI and MI solutions, it is crucial to assess their impact on compliance with the Payment Card Industry Data Security Standard (PCI DSS). This white paper aims to explore the profound implications of AI and MI on PCI DSS compliance and discuss how organisations can leverage these...
Supply Chain - Whitepaper
31 May 2023
In today's interconnected world, supply chain security has become an essential element of cybersecurity. As businesses increasingly rely on third-party vendors and suppliers, the potential for a breach or attack through the supply chain has become a significant concern. Organisations must understand the security implications of their supply chain and implement suitable controls to mitigate risks.
Purple Team - Whitepaper
31 May 2023
Martin Walsham from AMR CyberSecurity discusses the benefits of implementing a purple team assessment process and provides a high-level structured approach to implementation.
Incident Response - Whitepaper
15 February 2023
Tom Miller from AMR CyberSecurity describes how organisations can best defend against, detect and respond to cyber-attacks. Many organisations are concerned about potential and actual cyber security attacks, both on their own organisations and through the supply chain. Dealing with cyber security incidents – particularly sophisticated cyber security attacks – can be a daunting, difficult task, even for the most advanced organisations. The best way to shield against attack is to...
SolarWinds Orion Breach Research
15 December 2020
It recently been highlighted within the wider computer security industry that SolarWinds products are a supply chain risk. Specifically, the Orion platform are critically vulnerable to a remote attack known as “SUNBURST Backdoor” due to some legitimate products from the orgnisation being trojanised with malware during an update permitting a back door into orgnasitation's networks and the data contained on the platform. The SolarWinds Orion product is used to monitor and optimise IT...
Ransomware - It's Not An Attacker Fad
20 November 2020
With the growing trend of ransomware attacks on large established organisations and brands over the last quarter; such as IT service provider 'Sopra Steria' and more recently the beverage brand and manufacture 'Campari'. The Ransomware risk has shown no traction in stopping, or what industries and sectors are being targeted. With many organisations having to invest significance resource to manage this risk. AMR CyberSecurity has researched this risk and outlined the key information, risks...
