Blogs Archives - Page 9 of 13 - URM
  • 5 common pitfalls to avoid to achieve or maintain PCI DSS compliance. (PCI DSS, Payment Card Industry Data Security Standard)

    Top 5 common pitfalls of PCI DSS compliance

    As a Payment Card Industry Qualified Security Assessor (PCI QSA) company, we are often asked by organisations which process card payments what the main pitfalls are to avoid in complying with the Payment Card Industry Data Security Standard (PCI DSS). Well, here’s our top five (5) pitfalls to avoid if your organisation is looking to achieve or […]

  • PCI DSS report, Preparing for a Report on Compliance

    Preparing for a Report on Compliance (ROC)

    There’s no getting away from the fact that preparing for a PCI DSS ROC can be a bit of a trial, and particularly for those who are experiencing their first visit from a QSA.  Like most trials, the good news is that future visits do get easier as your infrastructure gets up to spec.  That […]

  • Merchants vs. Service Providers: What are they and what are the requirements, PCI DSS compliance

    Merchants vs. Service Providers: What are they and what are the requirements? Part 2

    In our last blog we addressed merchants, so this time we turn to service providers.  A service provider is defined as a ‘business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data. This also includes companies that provide services that control or could impact the security […]

  • Describing Information classification. Information Security (ISO 27001)

    What is Meant by Information Classification?

    The focus of this week’s blog is information classification. Let’s start with first principles – What exactly do we mean by information classification?  In its simplest form, information classification is the process by which we assess the information we hold and identify the appropriate level of protection it must be given.  This protection may focus […]

  • The value of an internal information security audit. A few reasons why you should not neglect it.

    The Value of Internal Audit

    This week’s blog takes a look at internal audit. Whilst it is a mandatory requirement of management systems, internal audit can often be the neglected ‘poor relation’. This is particularly true in smaller organisations where the internal audit team consists of ‘volunteers’ who conduct audits as a secondary role to […]

  • How to deliver a business continuity exercise – the essentials

    How to Deliver a Business Continuity Exercise – The Essentials

    There is no arguing that exercising is an essential part of business continuity (BC) preparedness. The challenge is how best to exercise our business continuity plans (BCPs) or incident management plans (IMPs). This week’s blog is the first in a series of blogs around exercising […]

  • Phishing is on the rise – What should you be doing?

    This week we are looking at the rise of phishing attacks and what we should be doing to prevent them. Let’s start with some scary stats! Verizon’s 2017 data breach report indicated that: 3% of users who receive phishing emails fall for them (whether via a link or an opened attachment); 15% of all unique users […]

  • Corporate Governance, IT Governance and Information Governance

    In this week’s blog, we are going to look at governance.  We are regularly asked, ‘what do you mean by governance?’ or, ‘is information governance the same as IT governance?’  There seems to be a lot of confusion and mispositioning of governance, its role and the different forms.  In this blog, we will provide some […]