Blogs

  • GDPR, Brexit and the Adequacy Decision

    Subject to approval from the European Parliament, the UK will formally leave the EU on 31 January with a withdrawal deal and will enter a transition period until 31 December 2020. With this in mind, where does that leave the UK from a data protection perspective and what steps, if any, do organisations need to […]

  • Farewell to Windows 7 – How to operate Windows 7 securely

    When Windows 7 was released on 22 October 2009, Microsoft committed to support this operating system for 10 years. The decade of support ends today and, as a result, Microsoft will no longer issue software updates via Windows Update. Naturally, Microsoft has been urging Windows 7 users to upgrade their operating systems (OS) to […]

  • Software asset management (SAM): What is it and why implement it now?

    This week’s blog looks at software asset management (SAM). URM has been involved in delivering classroom-based training on SAM for 14 years and with a new syllabus being released by the BCS reflecting current challenges and disciplines, we thought it was the ideal time to provide our perspective on SAM. In particular, we want to […]

  • New Year, Old Threats | Another ransomware attack

    So, the new year had barely begun, when news of another ransomware attack broke (https://www.bbc.com/news/technology-50972890). This time, a US military base was compromised but there was a very familiar storyline with officials reporting that they believed the ransomware was sent in a malicious email link, clicked by an employee.  For those of you who are not familiar with this specific type of malicious software, […]

  • DPO Blog: In-house Resource vs Virtual DPO

    This week’s blog takes a look at data protection officers (DPOs) and considers when to look in-house and when a virtual, external resource or hybrid resource may be a better option. So, let’s start by considering the requirement for a DPO.  Under Article 37 of the General Data Protection Regulation (GDPR), certain organisations are required […]

  • Compliance in Christmas

    With Christmas just around the corner, this is one of the busiest times of the year for many businesses, and particularly PCI DSS compliant organisations. It will be of no surprise to anyone that the number of card transactions being processed at this time of year increases dramatically.  With the increase in the volume of […]

  • Subject access requests (SARs) – The need for education and centralised processes

    In a previous blog, we looked at the importance of an organisation establishing a tried and tested subject access request (SAR) response process. Having a well-drilled team following a clearly defined process is all well and good but will be largely redundant if SARs received across the organisation are not getting through to your dedicated individual […]

  • ISO 22301:2019 released: 5 key changes from 2012 version

    Following the publication of various draft versions of the Standard, BS EN ISO 22301:2019 was released last week. In this week’s Blog, URM provides you with its analysis of 5 key differences from the 2012 version of this International Standard for Business Continuity Management Systems. • The 2019 edition is significantly less detailed and prescriptive than […]

  • Classroom training: Still life in the old dog?

    In 2002 when URM first started to develop and deliver information security, business continuity and risk management courses, the demise of classroom training was being strongly predicted in favour of computer-based, self-study training. Despite the doom-mongers’ predictions, 17 years later face-to-face training is still going strong. In some ways, you could argue the continuing demand for […]

  • Who is responsible for managing Infosec incidents?

    Introduction Due to the increased use of information technologies and the ‘human’ involvement (both malicious, accidental and incompetent!), it is inevitable we are all going to face more and more information security incidents in the future.  The challenge for all of us is minimising the likelihood of an incident occurring and also preparing for the […]