
Tips from URM – What dictates which information security controls you should implement?
The information security controls that an organisation needs to implement depend heavily on the information being stored, processed or transmitted and on the purpose of that processing. For example, whilst regular penetration testing may be appropriate for some organisations, it may not be required for others. This is where risk management kicks in. Best practice dictates that you identify the risks your organisation faces before implementing appropriate controls to reduce those risks to a level that is acceptable to your stakeholders. Risk appetite will typically be defined by directors, shareholders or regulators along with compliance […]