Need to engage employees in risk assessment process As the gradual easing of lockdown continues, more and more organisations are looking at how they can open workplaces back up. Below is the downloadable poster that the UK Government recommends all employers display to show that its guidance has been followed. Top of the list – ‘we […]
In this the first of a series of blogs on risk, we are going to look at the pivotal role that risk management plays in helping us protect our information assets. We are also going to explore why the focus on a risk-based approach has helped turn ISO 27001, the International Information Security Management Standard, […]
In 2002 when URM first started to develop and deliver information security, business continuity and risk management courses, the demise of classroom training was being strongly predicted in favour of computer-based, self-study training. Despite the doom-mongers’ predictions, 17 years later face-to-face training is still going strong. In some ways, you could argue the continuing demand for […]
In this week’s blog, we are going to look at governance. We are regularly asked, ‘what do you mean by governance?’ or, ‘is information governance the same as IT governance?’ There seems to be a lot of confusion and mispositioning of governance, its role and the different forms. In this blog, we will provide some […]
We are often asked ‘should I start my ISO 27001 programme with a gap analysis or is there a better starting point?’. The answer depends on your goals and knowledge of your current position. This blog will look at which is best and when. When it comes to determining your need for information security controls […]
At URM, we are big advocates of adopting a risk-based approach when looking at ways in which to improve information security. The cornerstone of this is conducting a risk assessment. There are many benefits attached to conducting risk assessments, most of which are focused around business efficiency, prioritising and targeting. For example, the risk assessment […]
In our blog on risk management challenges for 2019, we referred to the perennial risk attached to suppliers, as third parties continue to be a major source of incidents. Linked to the Brexit issue, understanding the risks your suppliers face and the measures they are taking to mitigate those risks is vital. In this blog, […]
There has been a lot said and written about the risks businesses are expected to face in 2019, but less about challenges of risk management and the process itself. Here are our thoughts on what we see as the key challenges : Legislation/regulation and the impact on your risk tolerance– In 2018, we saw a […]
What is Abriska? Abriska is a web-based tool (think software as a service) with a number of modules all focused on helping organisations implement a best practice approach to managing risk. The first module we developed addressed information security risk and was followed with others looking at business continuity, supplier risk, operational risk, and action […]