Latest News Archives - Page 4 of 10 - URM
  • Data Protection – What is the current focus?

    This week’s top tip focuses on data protection and the value of the information you can find on the Information Commissioner’s Office (ICO) website. There is a wealth of information available on the ICO’s website, however, probably one of the most visited areas is ‘Action We’ve Taken’. In particular, the enforcement notices, audits, advisory visits […]

  • Latest recovery disaster, expect the unexpected, Business Continuity, Thames Water, South American Power Cut, floods, ISO 22301

    Tips from URM | Expect the Unexpected – But have you Planned for the Unexpected?

    Have you Planned for the Unexpected? This week’s top tip reflects on the prevalent theme of ‘uncertainty’. Whether it be the general backdrop of political uncertainty that has dominated our lives since 23 June 2016, the vexing Tory leadership race as we wait to see who will be our next Prime Minister, or the unpredictability […]

  • Cyber / Information Security / Business Continuity management – Continuous Improvement , What next?

    Continuous Improvement, What next? This week’s top tip focuses on where to seek information and highlights a recently released report which contains useful and valuable information. A fundamental expectation of all ‘best practice’ ISO management systems is the requirement for a programme of continuous improvement. There is often a danger within all organisations that programmes can […]

  • PCI DSS - Top five areas where URM sees organisations failing to implement PCI DSS requirements into their BAU process:

    Tips from URM – PCI DSS compliance as BAU

    PCI DSS compliance as BAU (Business As Usual) For an organisation to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS), the Payment Card Industry Security Standards Council (PCI SSC) encourages organisations to implement security into their business as usual (BAU) processes. From URM’s own experience this is especially true for […]

  • Article, where we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI-DSS) places around the protection of cardholder data (CHD) and sensitive authentication data (SAD)

    Tips from URM – PCI DSS | What are the requirements for protecting CHD and SAD?

    In this article, we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI DSS) places around the protection of cardholder data (CHD) and sensitive authentication data (SAD) in particular. Bit of a recap first. The PCI DSS is an information security standard for organisations that store, process and/or transmit payment card belonging […]

  • Top tips from URM about Password Management and Compensating Controls

    Tips from URM – Password Management and Compensating Controls

    Section 8.2.4 of the PCI DSS v3.2.1 specifies that passwords must be changed at least once every 90 days. In our day-to-day PCI DSS consultancy work, we are frequently asked whether there is any flexibility in extending the period when passwords need to be changed and whether ‘compensating controls’ can be used. The argument often […]

  • Tips from URM – Scope

    One area we are often questioned about is scope. How do you identify and then manage your scope? This week’s tip focuses on just that! When you are looking at the processes associated with managing the security of your organisation’s information assets, there are a number of occasions where you will need to consider the scope […]

  • Tips From URM – Management Commitment

    In previous blogs, we have tackled a number of fundamental ISO 27001 components. One of the most significant is management commitment and this week’s top tip will look at just that. Commitment from your leadership team is absolutely crucial to managing information security within your organisation. In just the same way as pretty much any […]

  • Tips from URM – Information Assets – Part 2

    Our top tip last week focussed on a question which often crops up, ‘How do we approach asset identification within our information security risk assessment?’. As we pointed out, there are 2 aspects to this question: ‘which assets do we include?’ and ‘how granular do we make the list?’. This week’s top tip examines which […]