In 2002 when URM first started to develop and deliver information security, business continuity and risk management courses, the demise of classroom training was being strongly predicted in favour of computer-based, self-study training. Despite the doom-mongers’ predictions, 17 years later face-to-face training is still going strong. In some ways, you could argue the continuing demand for […]
Zero Trust, devised by John Kindervag, offers a radical approach to network architecture and management. The premise behind zero trust approach is quite simply ‘never trust, always verify’. In practice, this means you need to minimise the line between the outside world and the internal network. In a zero-trust environment, you treat the internal network […]
Introduction Due to the increased use of information technologies and the ‘human’ involvement (both malicious, accidental and incompetent!), it is inevitable we are all going to face more and more information security incidents in the future. The challenge for all of us is minimising the likelihood of an incident occurring and also preparing for the […]
This week’s top tip looks at a frequently asked question by organisations which are looking to comply or certify to ISO 27001, the International Information Security Standard – ‘what tools will I need to manage an information security management system (ISMS)’. A big concern for many organisations is that implementing an ISMS will lead to […]
The short answer to this often-asked question is ‘Yes’! There are, however, a number of other misconceptions surrounding this area of compliance and we will hopefully be adding some clarification in this blog! One misconception that we frequently encounter is when the term ‘vulnerability scanning’ is confused with ‘penetration testing’. Whilst vulnerability scanning and penetration […]
Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability of the Standard. Even veterans of PCI DSS compliance can struggle with scope creep over time as an organisation’s networks evolve. So, it should be no surprise that scope reduction is one of […]
We are often asked whether the terms business continuity (BC) and disaster recovery (DR) mean or represent the same thing and if not what are the key differences. This top tip will provide some clarity on the respective definitions and in doing so ensure your organisation is prepared to deal with both BC and DR […]