April 2019

  • Key success criteria for an information security awareness programme

    In one of our recent blogs, we identified the essential role that organisation-wide awareness programmes play in addressing user-related threats to information security. As URM has been involved in reviewing and developing countless awareness programmes, we thought it would be useful to share our thoughts on what we see as the key success criteria (as […]

  • Tips from URM – Information Assets – Part 2

    Our top tip last week focussed on a question which often crops up, ‘How do we approach asset identification within our information security risk assessment?’. As we pointed out, there are 2 aspects to this question: ‘which assets do we include?’ and ‘how granular do we make the list?’. This week’s top tip examines which […]

  • UK Cyber Attacks on the Increase – URM

    There are a number of annual information security/cyber security reports released throughout the year, providing us with an information security/cyber security ‘picture’.  The latest to be published is The Hiscox Cyber Readiness Report 2019.  This report is interesting as it is the third version, enabling us to look at changes year-on-year and comparing like with […]

  • What is business continuity – ISO 22301?

    What is business continuity? In a number of recent blogs, we have looked to step back and revert to ‘first principles’ on a range of subjects before deep diving into the detail.  That’s what we’re going to do here with the topic of business continuity.   Let’s start by defining what is meant by business […]

  • Tips From URM – Information Asset Granularity

    A question which comes up time and time again is ‘How do I approach asset identification within my information security risk assessment?’. Typically, this question is twofold: which assets to include and the depth or granularity. This week’s top tip will look at granularity. In short, stay high level where possible. Your goal, through the […]

  • Information security awareness – Are the people failing the process or is the process failing the people?

    Broadly speaking, information security is held up by three pillars – People, Process and Technology.  As threats to our information security (and particularly cyber-related threats) continue to emerge and evolve, we constantly look to technological solutions to help combat these threats, e.g. firewalls, encryption, antivirus, intrusion detection systems, etc.   However, it is important to not […]

  • What to expect from the 2019 update of ISO 22301

    At the start of January this year, a draft updated version of the international business continuity management standard, namely ISO/DIS 22301, was issued. Although international standards are updated on a regular basis, you could be forgiven for wondering why ISO 22301 and what changes are we likely to see?  ISO 22301 was the first standard […]

  • Information risk assessments – Benefits and implementation tips

    At URM, we are big advocates of adopting a risk-based approach when looking at ways in which to improve information security.  The cornerstone of this is conducting a risk assessment. There are many benefits attached to conducting risk assessments, most of which are focused around business efficiency, prioritising and targeting.  For example, the risk assessment […]

  • Tips from URM – Understanding competence requirements

    Having assisted just short of 200 organisations achieve ISO 27001 certification, we are often asked about what we consider to be the critical steps or building blocks when implementing an effective information security management system.  Whenever we respond to the question, part of our answer is always “ensure you have the appropriate resources in place.” […]