Information Security Blogs | Everything you need to know
  • ISO/IEC 27701 – What is it? What are the benefits of implementing it?

    The need for guidance on how organisations should best protect privacy and manage personal information has never been more pertinent. Fortunately, guidance has now arrived in the form of ISO/IEC 27701:2019 (ISO 27701*), a new International Standard, which sets out how organisations should manage personal information and demonstrate compliance with […]

  • GDPR, Brexit and the Adequacy Decision

    Subject to approval from the European Parliament, the UK will formally leave the EU on 31 January with a withdrawal deal and will enter a transition period until 31 December 2020. With this in mind, where does that leave the UK from a data protection perspective and what steps, […]

  • Software asset management (SAM): What is it and why implement it now?

    This week’s blog looks at software asset management (SAM). URM has been involved in delivering classroom-based training on SAM for 14 years and with a new syllabus being released by the BCS reflecting current challenges and disciplines, we thought it was the ideal time to provide our perspective on SAM. In particular, we want to […]

  • New Year, Old Threats – Another ransomware attack

    So, the new year had barely begun, when news of another ransomware attack broke (https://www.bbc.com/news/technology-50972890). This time, a US military base was compromised but there was a very familiar storyline with officials reporting that they believed the ransomware was sent in a malicious email link, clicked by an employee. For those of you who are not familiar with this specific type of malicious software, […]

  • DPO Blog: In-house Resource vs Virtual DPO

    This week’s blog takes a look at data protection officers (DPOs) and considers when to look in-house and when a virtual, external resource or hybrid resource may be a better option. So, let’s start by considering the requirement for a DPO. Under Article 37 of the General Data Protection Regulation […]

  • Compliance in Christmas

    With Christmas just around the corner, this is one of the busiest times of the year for many businesses, and particularly PCI DSS compliant organisations. It will be of no surprise to anyone that the number of card transactions being processed at this time of year increases dramatically. With the increase in the volume of […]

  • Subject Access Requests (SARs) – The need for education and centralised processes

    In a previous blog, we looked at the importance of an organisation establishing a tried and tested subject access request (SAR) response process. Having a well-drilled team following a clearly defined process is all well and good but will be largely redundant if SARs […]

  • Who is responsible for managing Infosec incidents?

    Due to the increased use of information technologies and the ‘human’ involvement (both malicious, accidental and incompetent!), it is inevitable we are all going to face more and more information security incidents in the future. The challenge for all of us is minimising the likelihood of an incident occurring and also preparing for the […]

  • Do I Need Vulnerability Scanning to Validate Compliance to the PCI DSS?

    The short answer to this often-asked question is ‘Yes’! There are, however, a number of other misconceptions surrounding this area of compliance and we will hopefully be adding some clarification in this blog! One misconception that we frequently encounter is when the term ‘vulnerability scanning’ is confused with ‘penetration testing’. Whilst vulnerability scanning and penetration […]