October 2019

  • Classroom training: Still life in the old dog?

    In 2002, when URM first started to develop and deliver information security, business continuity and risk management courses, the demise of classroom training was being strongly predicted in favour of computer-based, self-study training. Despite the doom-mongers’ predictions, 17 years later face-to-face training is still going strong. In some ways, you could argue the continuing demand for […]

  • Tips from URM – The low-down on ‘zero trust’

    Zero Trust, devised by John Kindervag, offers a radical approach to network architecture and management. The premise behind the zero trust approach is quite simply ‘never trust, always verify’. In practice, this means you need to minimise the distinction between the outside world and the internal network. In a zero-trust environment, you treat the internal network […]
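    As an added illustration of ‘never trust, always verify’ (example code written for this page, not URM’s or Kindervag’s), the block below decides the same request under two models: a perimeter model that trusts anything on the internal address range, and a zero-trust model that verifies identity, role and device posture per request and per resource, ignoring the source network entirely. The request fields, the HMAC-signed token format, the policy table and the sample requests are all constructed assumptions for the example.

```python
"""Perimeter ('trust the inside') vs zero-trust ('never trust, always verify')
authorisation of a single request. Added illustration, not URM's code.

Assumptions (hypothetical, not from the page): a request carries a source IP,
an identity token, a device-posture record and a target resource; policy is a
per-resource allow-list of roles plus required posture. Tokens are modelled
as HMAC-signed 'user|role|expiry' strings so the example runs offline."""
import hashlib
import hmac
import ipaddress
import time

SIGNING_KEY = b"demo-key-not-for-production"          # constructed for the example
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # the 'trusted inside'


def mint_token(user, role, ttl=3600, now=None):
    """Issue a signed token; 'now' is injectable so tests are deterministic."""
    exp = int((now or time.time()) + ttl)
    payload = f"{user}|{role}|{exp}"
    mac = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_token(token, now=None):
    """Return (user, role) if the signature is valid and unexpired, else None."""
    try:
        user, role, exp, mac = token.split("|")
    except (ValueError, AttributeError):      # missing or malformed token
        return None
    payload = f"{user}|{role}|{exp}"
    expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    if int(exp) <= (now or time.time()):
        return None
    return user, role


# Hypothetical per-resource policy: allowed roles and required device posture.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "require": {"disk_encrypted": True, "patched": True}},
    "wiki": {"roles": {"finance", "staff"}, "require": {"patched": True}},
}


def perimeter_allow(request):
    """Flat-network model: anything on the internal range is trusted."""
    src = ipaddress.ip_address(request["src_ip"])
    return any(src in net for net in INTERNAL_NETS)


def zero_trust_allow(request, now=None):
    """Every request is verified: who, on what device, for which resource.
    The source network plays no part in the decision; unknown resources are denied."""
    rule = POLICY.get(request["resource"])
    if rule is None:
        return False                              # default deny
    ident = verify_token(request.get("token"), now=now)
    if ident is None:
        return False
    _, role = ident
    if role not in rule["roles"]:
        return False
    posture = request.get("device", {})
    return all(posture.get(k) == v for k, v in rule["require"].items())


def sample_requests():
    """Constructed requests: a compromised internal host with no credentials,
    a verified finance user connecting remotely, and the same user on an
    unpatched device."""
    now = 1_700_000_000
    ok_token = mint_token("alice", "finance", now=now)
    return now, [
        {"src_ip": "10.1.2.3", "resource": "payroll-db",     # lateral move from inside
         "token": None, "device": {}},
        {"src_ip": "203.0.113.7", "resource": "payroll-db",  # outside, but verified
         "token": ok_token, "device": {"disk_encrypted": True, "patched": True}},
        {"src_ip": "10.1.2.3", "resource": "payroll-db",     # right user, failing posture
         "token": ok_token, "device": {"disk_encrypted": True, "patched": False}},
    ]


def compare():
    """(perimeter decision, zero-trust decision) for each sample request."""
    now, reqs = sample_requests()
    return [(perimeter_allow(r), zero_trust_allow(r, now=now)) for r in reqs]


if __name__ == "__main__":
    for r, (p, z) in zip(sample_requests()[1], compare()):
        print(f"{r['src_ip']:>12} -> {r['resource']:<10} perimeter={p!s:<5} zero_trust={z}")
```

    The perimeter model lets the credential-less internal host straight through and blocks the legitimate remote user; the zero-trust model inverts both decisions and also refuses the correctly authenticated user on a device that fails posture, which is the point of verifying every request rather than the network it came from.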

  • Who is responsible for managing Infosec incidents?

    Introduction

    Due to the increased use of information technologies and the ‘human’ involvement (whether malicious, accidental or incompetent!), it is inevitable we are all going to face more and more information security incidents in the future. The challenge for all of us is minimising the likelihood of an incident occurring and also preparing for the […]

  • What tools will I need to manage an ISMS?

    This week’s top tip looks at a question frequently asked by organisations looking to comply with or certify to ISO 27001, the international information security management standard: ‘what tools will I need to manage an information security management system (ISMS)?’ A big concern for many organisations is that implementing an ISMS will lead to […]

  • Do I Need Vulnerability Scanning to Validate Compliance to the PCI DSS?

    The short answer to this often-asked question is ‘Yes’! There are, however, a number of other misconceptions surrounding this area of compliance, and we hope to clear some of them up in this blog. One misconception we frequently encounter is the term ‘vulnerability scanning’ being confused with ‘penetration testing’. Whilst vulnerability scanning and penetration […]

  • 5 ways to reduce your PCI DSS scope

    Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of applicability of the Standard. Even veterans of PCI DSS compliance can struggle with scope creep over time as an organisation’s networks evolve. So, it should be no surprise that scope reduction is one of […]
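    To make scope, and scope reduction by segmentation, concrete, the block below is an added example (not URM’s code or method) that takes a map of hosts and the flows a firewall permits and categorises each host the way the PCI SSC scoping guidance does: CDE systems (store, process or transmit cardholder data), connected-to or security-impacting systems, and out-of-scope systems. It then removes one legacy flow and recomputes, showing the in-scope set shrink. The host names, flows and ‘cde’ / ‘security’ labels are constructed for the example.

```python
"""PCI DSS scoping from a connectivity map, and the effect of one segmentation
change. Added illustration, not URM's code or method.

Categories follow the PCI SSC scoping guidance: CDE, connected-to /
security-impacting, out-of-scope. Hosts, flows and labels are constructed."""


def categorise(hosts, flows):
    """hosts: {name: {'cde': bool, 'security': bool}}; flows: set of (src, dst)
    pairs the firewall permits, in either direction of initiation.
    Returns {name: category}."""
    cde = {h for h, attrs in hosts.items() if attrs.get("cde")}

    # Any host with a permitted flow to or from a CDE host is 'connected-to'.
    connected = set()
    for src, dst in flows:
        if src in cde and dst not in cde:
            connected.add(dst)
        elif dst in cde and src not in cde:
            connected.add(src)

    # Hosts providing security services to the CDE (directory, patching, logging)
    # are in scope even without a direct data flow; 'security' is our label for that.
    security = {h for h, attrs in hosts.items() if attrs.get("security")} - cde

    cats = {}
    for h in hosts:
        if h in cde:
            cats[h] = "CDE"
        elif h in connected or h in security:
            cats[h] = "connected-to/security-impacting"
        else:
            cats[h] = "out-of-scope"
    return cats


def in_scope(cats):
    """Sorted list of hosts that must meet PCI DSS requirements."""
    return sorted(h for h, c in cats.items() if c != "out-of-scope")


def segment(flows, blocked):
    """Apply a segmentation change: drop the listed flows from the rule base."""
    return {f for f in flows if f not in blocked}


def cde_flows_from_out_of_scope(hosts, flows):
    """Sanity check: an out-of-scope host with a permitted CDE flow would be a
    scoping error. By construction this is empty, which is what segmentation
    has to keep true as the rule base changes."""
    cats = categorise(hosts, flows)
    return sorted(
        (src, dst) for src, dst in flows
        if (cats[src] == "out-of-scope" and cats[dst] == "CDE")
        or (cats[dst] == "out-of-scope" and cats[src] == "CDE")
    )


def demo():
    """Constructed estate: three CDE hosts, a directory server that
    authenticates CDE admins, and general corporate systems."""
    hosts = {
        "pos-terminal": {"cde": True},
        "payment-app": {"cde": True},
        "card-db": {"cde": True},
        "corp-ad": {"security": True},   # authenticates CDE administrators
        "hr-server": {},
        "wiki": {},
        "guest-wifi-gw": {},
    }
    before = {
        ("pos-terminal", "payment-app"),
        ("payment-app", "card-db"),
        ("card-db", "corp-ad"),
        ("hr-server", "card-db"),        # legacy reporting pull straight from card-db
        ("wiki", "hr-server"),
        ("guest-wifi-gw", "wiki"),
    }
    # Scope-reduction step: replace the direct reporting pull with an export
    # that contains no cardholder data, so the flow can be blocked.
    after = segment(before, {("hr-server", "card-db")})
    return in_scope(categorise(hosts, before)), in_scope(categorise(hosts, after))


if __name__ == "__main__":
    before, after = demo()
    print("in scope before segmentation:", before)
    print("in scope after segmentation: ", after)
```

    Note that scope is not transitive: the wiki talks to hr-server, and hr-server is in scope before segmentation, but the wiki itself stays out of scope because it has no permitted flow to the CDE. What makes hr-server drop out is removing its one flow to card-db, which is exactly the sort of rule-base change that scope reduction exercises look for.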