
July 1, 2026
Hacker Hub - July 2026
Supply chain attacks are one of the fastest growing cyber threats. SMEs are frequently the entry point attackers use to reach larger targets. Here is what you need to know and what to do about it.
If you’re adding a legal register as part of your ISO 27001 implementation, have you stopped to ask yourself: Why? At first glance, a legal register sounds like a great idea. But does it actually protect the confidentiality, integrity, or availability of your information?
For most businesses, the answer is no.
Let’s Be Clear
A legal register can certainly help with compliance—it keeps track of laws, regulations, and obligations that apply to your business. And if compliance is your goal, that’s fine.
But here’s the thing: ISO 27001 isn’t about compliance. It’s about information security.
And let’s be honest—having a list of legal requirements in a spreadsheet:
❌ Won’t stop a ransomware attack
❌ Won’t mitigate insider threats
❌ Won’t reduce downtime after a system failure
It’s a “nice-to-have”, not a security measure.
So, Why Does This Matter?
Every Annex A control should have a clear and direct impact on your security posture. If it doesn’t, why are you spending valuable time and resources on it?
Yes, some controls are mandatory based on your business and legal requirements—but many aren’t.
When you blindly implement controls just because “Annex A says so”, you’re prioritising compliance over real security. And that’s a risky trade-off.
The Takeaway?
✅ Be critical.
✅ Be strategic.
✅ Ask yourself: Does this control actually protect my organisation’s data, or am I just ticking boxes?
I’d love to hear your thoughts—do you agree that some Annex A controls add little value?
Or do you see it differently? Get in touch or connect with me on LinkedIn
