The principle by which users and other entities are denied access unless specifically authorised.
Deny-By-Default-Principle
Mark Sharron
Mark Sharron leads Search & Generative AI Strategy at ISMS.online. His focus is communicating how ISO 27001, ISO 42001 and SOC 2 work in practice - tying risk to controls, policies and evidence with audit-ready traceability. Mark partners with product and customer teams so this logic is embedded in workflows and web content - helping organisations understand, prove security, privacy and AI governance with confidence.
Related articles
The Resilience Factor: Breaking Down the BridgePay Ransomware Attack
Operational shutdown is the last thing any business wants, but it is a very real risk during a ransomware attack. This is a lesson US payment gatew...
Why Regulatory Uncertainty is the Best Reason to Adopt ISO 42001 Now
The EU AI Act’s high-risk rules are legally slated for August 2026, but proposed amendments could push them to late 2027. For the unprepared, this ...
Flying High: The EU Aviation Safety Agency’s Part-IS Rules Explained
The new European Union Aviation Safety Agency’s Part-IS rules have come into place, expanding cybersecurity obligations across the civil avia...
Read more from Mark Sharron
The Ultimate Guide to GDPR Compliance with ISO 27001 and ISO 27701
The Challenge of GDPR Compliance Managing the requirements of GDPR compliance is a significant challenge for businesses. However, implementing ISO ...
Why Italy Said No to ChatGPT – A Deep Dive Into the Controversy
The ChatGPT Ban in Italy A Wake-up Call for AI Developers and Users The recent ban on ChatGPT in Italy has raised concerns about AI developers̵...
Why ISO 27001 Is Better Than
SOC 2
The Microsoft Supplier Security and Privacy Assurance (SSPA) program requires that its suppliers have an adequate security and privacy program in p...
