A question which comes up time and time again is ‘How do I approach asset identification within my information security risk assessment’. Typically, this question is twofold; which assets to include and the depth or granularity. This week’s top tip will look at granularity. In short, stay high level where possible. Your goal, through the […]
This week top tip focuses on an aspect of the GDPR which can be particularly challenging for a number of organisations, namely how do you ensure your supply chain complies with the Regulation when processing personal data. The obligations for data controllers to manage the processing of personal data throughout their supply chain are clearly […]
Having assisted just short of 200 organisations achieve ISO 27001 certification, we are often asked about what we consider to be the critical steps or building blocks when implementing an effective information security management system. Whenever we respond to the question, part of our answer is always “ensure you have the appropriate resources in place.” […]
Three Tips to Help you Simplify your Risk Management Process
Tips from URM – About Demonstrating GDPR Compliance
Impact of Legislation/Regulation on Your Approach to Risk
PCI DSS V4.0 is on its way So, PCI DSS v4.0 has started its development journey and is expected to be released sometime late 2020. The actual release date will largely depend on the feedback received during the development review process. So what is the development process? From 6 September to 15 November 2017 (yes […]
This week´s tip focuses on business continuity and, like some of our recent blogs, we want to step back from the coalface and look at the big picture. So, what should be your business continuity mantra (i.e. words, phrase or slogan that will help us always remember what our overriding BC priorities are), what […]
Managing Supplier Risk Surveys and reviews of information security incidents typically highlight third parties as being one of the major sources of issues and breaches (e.g. PWC Information Security Survey) and URM believes that many of these could be avoided by organisations improving their due diligence process. URM has repeatedly found that the due diligence […]
