To SOC or not to SOC ? Summary This NCSC blog explores whether teams launching digital services truly need a traditional Security Operations Centre (SOC) or whether cloud-native design and operational changes can reduce or replace that need. It explains how SOCs work, why they were historically mandated (GPG13), and how the move to cloud […]
Zero trust migration: How will I know if I can remove my VPN? Summary This NCSC blog explains when it is (and isn’t) safe to remove an Always On VPN (AOVPN) during a zero trust migration. The core message: don’t switch off your AOVPN until you have replicated the security benefits it provides by other […]
Using MSPs to administer your cloud services Summary The NCSC explains the security trade-offs when organisations outsource cloud administration to Managed Service Providers (MSPs). While MSPs bring expertise, scale and operational efficiencies, delegating administrative access increases your attack surface because MSP systems and credentials can be attractive targets for attackers. The guidance recommends treating MSPs […]
Why vulnerabilities are like buses Summary The NCSC outlines a growing pattern where a high-profile, mass-exploited vulnerability in a product is frequently followed by additional critical flaws in the same product being found and exploited. Organisations often rush to apply emergency patches for the initial issue, only to face further exploitation when subsequent vulnerabilities are […]
Logging Made Easy with CISA Summary The US Cybersecurity and Infrastructure Security Agency (CISA) has relaunched an updated version of Logging Made Easy (LME). The National Cyber Security Centre (NCSC) had previously retired support for LME but announced CISA would relaunch a refreshed edition for existing and new users. The new release is intended as […]
Zero Trust migration: where do I start? Summary This NCSC blog explains practical first steps for migrating to a zero trust architecture. It assumes you have already decided zero trust fits your business goals and covers how to begin: discovery (inventory of users, devices, services and data), identity consolidation and multi-factor authentication, device management and […]
Compensatory Consumption: A Review and Research Agenda Using the Theory‐Context‐Characteristics‐Methodology Framework Summary This paper is a systematic literature review of 105 peer‑reviewed, ABS‑ranked articles that examines compensatory consumption through the TCCM (Theory‑Context‑Characteristics‑Methodology) lens, following PRISMA 2020 guidelines. The authors synthesize dominant theoretical explanations — notably self‑discrepancy theory, symbolic self‑completion and compensatory consumption theory — and […]
Stay With Me: Unveiling the Pathways to Consumer Loyalty in Live Streaming Commerce Summary This article (Bai et al., 2025) examines what drives consumer loyalty in live streaming commerce using an explanatory sequential mixed-methods design. Study 1 surveyed 507 participants and applied PLS-SEM and fsQCA to test hypotheses and identify causal configurations. Study 2 used […]
Personal Financial Planning Services: A Review and Future Research Agenda Summary This paper presents a systematic literature review of personal financial planning services using the Theory-Context-Characteristics-Methodology (TCCM) framework. The authors synthesise 81 studies to map the field, identify conceptual and methodological gaps, and propose a forward-looking research agenda. Key themes include financial literacy, cross-cultural differences […]
Defending software build pipelines from malicious attack Summary The NCSC explains why the software build pipeline is a foundational part of system security and why it needs targeted protection. Automated CI/CD pipelines bring consistency, repeatability and useful logs, but they must be defended from both external attackers and compromised builds within the pipeline. Key defences […]
