2019

  • Changes in Cyber Essentials Scheme

    As a certifying body (CB), URM has been assessed by APMG (accreditation body) to carry out Cyber Essentials evaluations and certify organisations which comply with the requirements of the scheme. It has recently been announced by the National Cyber Security Centre (NCSC) that, as from April 2020, it will be partnering with just one […]

  • Compliance in Christmas

    With Christmas just around the corner, this is one of the busiest times of the year for many businesses, and particularly PCI DSS compliant organisations. It will be of no surprise to anyone that the number of card transactions being processed at this time of year increases dramatically. With the increase in the volume of […]

  • Subject access requests (SARs) – The need for education and centralised processes

    In a previous blog, we looked at the importance of an organisation establishing a tried and tested subject access request (SAR) response process. Having a well-drilled team following a clearly defined process is all well and good but will be largely redundant if SARs received across the organisation are not getting through to your dedicated individual […]

  • ISO 22301:2019 released: 5 key changes from 2012 version

    Following the publication of various draft versions of the Standard, BS EN ISO 22301:2019 was released last week. In this week’s Blog, URM provides you with its analysis of 5 key differences from the 2012 version of this International Standard for Business Continuity Management Systems. • The 2019 edition is significantly less detailed and prescriptive than […]

  • Classroom training: Still life in the old dog?

    In 2002 when URM first started to develop and deliver information security, business continuity and risk management courses, the demise of classroom training was being strongly predicted in favour of computer-based, self-study training. Despite the doom-mongers’ predictions, 17 years later face-to-face training is still going strong. In some ways, you could argue the continuing demand for […]

  • Tips from URM – The low down on the ‘zero trust’

    Zero Trust, devised by John Kindervag, offers a radical approach to network architecture and management. The premise behind the zero trust approach is quite simply ‘never trust, always verify’. In practice, this means you need to minimise the line between the outside world and the internal network. In a zero-trust environment, you treat the internal network […]

  • Who is responsible for managing Infosec incidents?

    Introduction: Due to the increased use of information technologies and the ‘human’ involvement (malicious, accidental and incompetent!), it is inevitable that we are all going to face more and more information security incidents in the future. The challenge for all of us is minimising the likelihood of an incident occurring and also preparing for the […]

  • What tools will I need to manage an ISMS?

    This week’s top tip looks at a question frequently asked by organisations which are looking to comply or certify to ISO 27001, the International Information Security Standard – ‘what tools will I need to manage an information security management system (ISMS)’. A big concern for many organisations is that implementing an ISMS will lead to […]

  • Do I Need Vulnerability Scanning to Validate Compliance to the PCI DSS?

    The short answer to this often-asked question is ‘Yes’! There are, however, a number of other misconceptions surrounding this area of compliance and we will hopefully be adding some clarification in this blog! One misconception that we frequently encounter is when the term ‘vulnerability scanning’ is confused with ‘penetration testing’. Whilst vulnerability scanning and penetration […]