Should You Start Your ISO 27001 Programme with a Gap Analysis or is There a Better Starting Point? The answer depends on your goals and knowledge of your current position. This blog will look at which is best and when. When it comes to determining your need for information security controls there are a couple […]
In one of our recent blogs, we identified the essential role that organisation-wide awareness programmes play in addressing user-related threats to information security. As URM has been involved in reviewing and developing countless awareness programmes, we thought it will be useful to share our thoughts on what we see as the key success criteria (as […]
There are a number of annual information security/cyber security reports released throughout the year, providing us with an information security/cyber security ‘picture’. The latest to be published is The Hiscox Cyber Readiness Report 2019. This report is interesting as it is the third version, enabling us to look at changes year-on-year and comparing like with […]
Business Continuity – ISO 22301 In a number of recent blogs, we have looked to step back and revert to ‘first principles’ on a range of subjects before deep-diving into the detail. That’s what we’re going to do here with the topic of business continuity. What is meant by business continuity? ISO 22301, the International Standard […]
Broadly speaking, information security is held up by three pillars – People, Process and Technology. As threats to our information security (and particularly cyber-related threats) continue to emerge and evolve, we constantly look to technological solutions to help combat these threats, e.g. firewalls, encryption, antivirus, intrusion detection systems, etc. However, it is important to not […]
At the start of January this year, a draft updated version of the international business continuity management standard, namely ISO/DIS 22301 was issued. Although international standards are updated on a regular basis, you could be forgiven for wondering why ISO 22301 and what changes are we likely to see? ISO 22301 was the first standard […]
At URM, we are big advocates of adopting a risk-based approach when looking at ways in which to improve information security. The cornerstone of this is conducting a risk assessment. There are many benefits attached to conducting risk assessments, most of which are focused around business efficiency, prioritising and targeting. For example, the risk assessment […]
With the latest attack on Magento-based web applications (JavaScript sniffing software), it is not the first time the platform has been exploited by malicious individuals. In a previous blog, we looked at some of the past attacks on Magento and offered some advice on what organisations can do to protect their online payment pages. Here, […]
The Difference Between Personal Data and Sensitive Personal Data There is some confusion about the difference between personal data and sensitive personal data and even whether sensitive personal data exists as a term! So, let’s see if we can clarify the situation. Under the old 1998 version of the Data Protection Act (DPA) 1998 there […]
