May 2019

Article, where we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI-DSS) places around the protection of cardholder data (CHD) and sensitive authentication data (SAD)

Tips from URM – PCI DSS | What are the requirements for protecting CHD and SAD?

Top tips from URM about Password Management and Compensating Controls

Tips from URM – Password Management and Compensating Controls

The value of an internal information Security audit. A few reasons why you should not neglect it.

The Value of Internal Audit

This week’s blog takes a look at internal audit. Whilst it is a mandatory requirement of management systems, internal audit can often be the neglected ‘poor relation’. This is particularly true in smaller organisations where the internal audit team consists of ‘volunteers’ who conduct audits as a secondary role to their day jobs. Their line […]

How to deliver a business continuity exercise – the essentials

There is no arguing that exercising is an essential part of business continuity (BC) preparedness. The challenge is how best to exercise our business continuity plans (BCPs) or incident management plans (IMPs). This week’s blog is the first in a series of blogs around exercising where we will lay down what we see as the […]

Phishing is on the rise – What should you be doing?

This week we are looking at the rise of phishing attacks and what we should be doing to prevent them. Let’s start with some scary stats!. Verizon’s 2017 data breach report indicated that: 3% of users who receive phishing emails fall for them (whether via a link or an opened attachment) 15% of all unique users […]

Corporate Governance, IT Governance and Information Governance

In this week’s blog, we are going to look at governance. We are regularly asked, ‘what do you mean by governance?’ or, ‘is information governance the same as IT governance?’ There seems to be a lot of confusion and mispositioning of governance, its role and the different forms. In this blog, we will provide some […]