Articles
Clear, practical insight on the topics shaping secure and regulated environments – from day-to-day delivery challenges to the frameworks and requirements that underpin them.
-
Delivering OFFICIAL and OFFICIAL-SENSITIVE work in practice
Read more: Delivering OFFICIAL and OFFICIAL-SENSITIVE work in practiceThere is sometimes a tendency to treat the terms OFFICIAL and OFFICIAL-SENSITIVE as purely administrative labels, but for organisations working with the Ministry of Defence they represent a set of expectations about how information should be handled and what the working environment needs to look like. What the classifications mean in day-to-day delivery These classifications…
-
Where the Cyber Security & Resilience Bill Leads Us
Read more: Where the Cyber Security & Resilience Bill Leads UsArticle first published 16/12/2025 and updated 27/05/2026 The Cyber Security & Resilience Bill has now moved beyond policy signal and into Parliament, having been introduced on 12 November 2025. The early noise has faded, leaving behind the steadier question of what it actually means for organisations that keep essential services running. The familiar headlines still…
-
Considering the Physical Aspects of Cyber Security
Read more: Considering the Physical Aspects of Cyber SecurityBy James Jackson, Security Consultant, Logiq Comprehensive physical security controls are as essential as digital cyber security controls. A strong physical security posture is key to avoiding incidents – however stakeholders may overlook these more traditional defences against the ever-changing digital landscape. Physical security is the prevention and mitigation of unauthorised access to facilities and…
-
NCSC Annual Review 2025 – What Resilience Looks Like Now
Read more: NCSC Annual Review 2025 – What Resilience Looks Like NowThe National Cyber Security Centre’s Annual Review 2025 arrives at a moment when the language of cyber resilience has become inseparable from the language of business itself. Across the public sector and its supply chains, the review paints a picture of a nation more dependent than ever on digital systems — and more exposed than…
-
Navigating MOD Cyber Compliance in 2025
Read more: Navigating MOD Cyber Compliance in 2025In the UK defence sector, cyber security is no longer treated as a peripheral concern; it is central to procurement policy, and the risks of compromise are too great to be left to interpretation. At the heart of the Ministry of Defence (MOD) expectations sits Defence Standard (Def Stan) 05-138, a detailed standard that defines…
-
CSMv4 Compliance: MOD Cyber Requirements Explained
Read more: CSMv4 Compliance: MOD Cyber Requirements ExplainedArticle first published 07/10/2025 and updated 27/05/2026 CSMv4 Compliance – What MOD Suppliers Need to Do CSMv4 is now the current MOD Cyber Security Model for supplier cyber assurance. It is built around Defence Standard 05-138 Issue 4 and DEFCON 658, with the aim of applying a more proportionate, risk-based and evidence-led approach across the…
-
Preparing for DCC Evidence Requirements
Read more: Preparing for DCC Evidence RequirementsArticle first published 23/09/2025 and updated 27/05/2026 Recent developments: Since publication, the relationship between Defence Cyber Certification and DEFCON 658 has become clearer. MOD Industry Security Notice 2026/02 confirms that suppliers holding and maintaining valid certification at the appropriate DCC level may use that certification as assurance of control requirements under DEFCON 658. This does…
-
Bolstering SME Cyber Resilience
Read more: Bolstering SME Cyber ResilienceIn his latest article, first written for, and published by BCS ITNow Magazine, Logiq Security Practice Lead, Matthew Mackay CISM CISA, outlines why smaller organisations must adopt a principles-based approach to managing cyber risk. Strong cybersecurity practices can not only enable SMEs to protect themselves from cyber threats, but also offer a competitive advantage, particularly…
-
CSMv4 – Building Cyber Security into the Defence Supply Chain
Read more: CSMv4 – Building Cyber Security into the Defence Supply ChainPreparing MOD Suppliers for CSMv4 Readiness This article reflects guidance as at 25 July 2025. For the latest updates, visit the MOD Cyber Security Model page on gov.uk. Back in January, we explored what CSMv4 means for the defence supply chain and why it represents a significant evolution from CSMv3. With the publication of Def…
-
From Information Security to Cyber Security: Aligning Security with Organisational Objectives
Read more: From Information Security to Cyber Security: Aligning Security with Organisational ObjectivesBy Matthew Mackay CISA CISM CITP MBCS ChCSP MCIIS, Security Practice Lead at Logiq Article written for and first published by techUK It’s time we stop thinking in terms of ‘information security’ and start thinking in terms of ‘cyber security’; not just as a linguistic shift, but a fundamental shift in the way we view…
-
SaaS or Self-Hosted: What’s the right ServiceNow strategy for your organisation?
Read more: SaaS or Self-Hosted: What’s the right ServiceNow strategy for your organisation?ServiceNow has become the go-to platform for organisations seeking to streamline workflows, automate service delivery and drive digital transformation. With its extensive capabilities, the platform presents huge value opportunities but also requires a key consideration – the deployment strategy. Does the organisation and associated infrastructure require a conventional, vendor-hosted SaaS solution or a self-hosted instance?…
-
Defence Cyber Certification: Aligning Risk Profiles with Real Assurance
Read more: Defence Cyber Certification: Aligning Risk Profiles with Real AssuranceIn a previous article, we explored the MOD’s Cyber Security Model version 4 (CSMv4), the framework that introduced structured risk profiles to assess the cyber requirements of defence contracts. Now, we turn our attention to what comes next: Defence Cyber Certification (DCC), the formal mechanism that ensures Defence Suppliers meet the resilience standards required across…