Managing supplier risk- what do you need to know about your key third parties? Surveys and reviews of information security incidents typically highlight third parties as being one of the major sources of issues and breaches (e.g. PWC Information Security Survey) and URM believes that many of these could be avoided by organisations improving their […]
In our previous blog, we looked at where your PCI compliance journey starts. The first step is understanding the flow of your payment card data – by that we mean where payment card information comes into your organisation, where it goes, who it is shared with, what systems and components it touches, where it is […]
We have recently seen an increased focus on the General Data Protection Regulation (GDPR) by certification body (CB) assessors when conducting ISO 27001 audits. In the past, assessments have typically focused on whether organisations were registered with the Information Commissioner’s Office (ICO), whether they were complying with ‘Privacy and protection of personally identifiable information’ (ISO […]
So, let’s take a step back and define what is PCI. The Payment Card Industry Data Security Standard, referred to as PCI DSS or quite simply PCI, was developed by the founding payment brands of the PCI Security Standards Council (SSC), including MasterCard Worldwide, Visa International, American Express, Discover Financial Services, and JCB. In a […]
A common failing that we often see when organisations perform risk management is a lack of ‘complete’ understanding of the potential impacts of an information security breach from both internal and external perspectives, i.e. not fully understanding the context of the organisation. You need to be thinking of risks from the perspective of all stakeholders, […]