Blogs

  • Classroom training: Still life in the old dog?, training, helping organisations, iso 27001, iso 22301, infosec, informationsecurity, urm, ultima risk management, pcidss

    Classroom training: Still life in the old dog?

    In 2002 when URM first started to develop and deliver information security, business continuity and risk management courses, the demise of classroom training was being strongly predicted in favour of computer-based, self-study training. Despite the doom-mongers’ predictions, 17 years later face-to-face training is still going strong. In some ways, you could argue the continuing demand for […]

  • Who is responsible of managing Infosec incidents?, infosec, information security, iso27001, isms, urm, urm consulting, consultnacy, ISO, international standards

    Who is responsible for managing Infosec incidents?

    Introduction Due to the increased use of information technologies and the ‘human’ involvement (both malicious, accidental and incompetent!), it is inevitable we are all going to face more and more information security incidents in the future.  The challenge for all of us is minimising the likelihood of an incident occurring and also preparing for the […]

  • Do I Need Vulnerability Scanning to Validate Compliance to the PCI DSS, payment card security standard, pci, pci dss, payment card, online payment, card, credit card data, iso standards, iso, isms, pentest, iso27001, infosec, infprmatiosecurity

    Do I Need Vulnerability Scanning to Validate Compliance to the PCI DSS?

    The short answer to this often-asked question is ‘Yes’!  There are, however, a number of other misconceptions surrounding this area of compliance and we will hopefully be adding some clarification in this blog! One misconception that we frequently encounter is when the term ‘vulnerability scanning’ is confused with ‘penetration testing’. Whilst vulnerability scanning and penetration […]

  • 5 ways to reduce your PCI DSS scope, scope, pci, pcidss, pci dss, payment card security standard, payment card , pci ssc, infosec, ISO 27001, ISO, isms, ISO standard, iso standards

    5 ways to reduce your PCI DSS scope

    Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability of the Standard.  Even veterans of PCI DSS compliance can struggle with scope creep over time as an organisation’s networks evolve.   So, it should be no surprise that scope reduction is one of […]

  • Cyberattacks review and emerging trends, cyber security, cyber, cyber, security, infosec, information security, ISO27001 SIO, isms, international standards

    Cyberattacks review and emerging trends – Not pleasant reading for SMEs

    There is one question that everyone is guaranteed to get right – are cyberattacks on the increase? In this blog, we will review some of the more significant cyberattacks over the last year and look for any emerging trends in terms of cybercrime targets, as well as the type of attacks.  First, let’s make sure […]

  • PCI DSS: Pros and Cons of Outsourcing, pci, payment card data, payment card security, information security, infosec, iso , isms, iso 27001

    PCI DSS: Pros and Cons of Outsourcing

    In this blog, we address one of the big questions facing organisations which accept payment cards and are looking to comply with the PCI DSS. Should we outsource the storing, processing and transmitting of cardholder data (CHD)? Let’s look at the benefits and disadvantages of outsourcing. Pros of outsourcing Reduction of scope and in-scope processes Any […]

  • What types of evidence should you be collecting when conducting audits, auditing, audit, infosec audit, ainformation security, information security, iso 27001, infosec, iso standards, iso, iso isms

    What types of evidence should you be collecting when conducting audits?

    A crucial element in performing an audit is the collection and evaluation of evidence.  Evidence is used to determine if the process or control being audited is performing as expected. In this blog, we will be exploring how you can define what evidence is required and what are the most effective ways of gathering evidence. Evidence […]

  • Monzo Bank tells customers to change their PINs after security, pci dss, card security monzo bank pin security infosec information security

    To store or not to store? That is the multimillion-dollar (fine) question.

    This week’s blog tackles the question of storing cardholder data and why the Payment Card Industry Data Security Standard (PCI DSS) is so beneficial. Fundamentally, it is very clear on this topic – if you don’t need it, don’t store it.  Furthermore, if you do need it, make sure that you know everywhere it is […]

  • Importance of ISO 27001 internal audit, interna audit, audit, urm, URM, ISO 27001, InformationSecurity, Infosec, Infosecurity, International standard, ISO

    Importance of ISO 27001 internal audits

    Definition With this week’s blog, the spotlight turns to internal audit and specifically in the context of ISO 27001, the International Standard for Information Security Management. We will step right back and look at internal auditing from the perspective of those new to the subject or those trying to understand where and why it fits. […]