Risk Management

  • Importance of Assessing COVID-19 Risks Before Reopening Your Workplace

    Need to engage employees in risk assessment process

    As the gradual easing of lockdown continues, more and more organisations are looking at how they can open workplaces back up. Below is the downloadable poster that the UK Government recommends all employers display to show that its guidance has been followed. Top of the list – ‘we […]

  • Risk Management – What is it? What are the benefits to InfoSec and ISO 27001?

    In this, the first of a series of blogs on risk, we are going to look at the pivotal role that risk management plays in helping us protect our information assets. We are also going to explore why the focus on a risk-based approach has helped turn ISO 27001, the International Information Security Management Standard, […]

  • Classroom training: Still life in the old dog?

    In 2002 when URM first started to develop and deliver information security, business continuity and risk management courses, the demise of classroom training was being strongly predicted in favour of computer-based, self-study training. Despite the doom-mongers’ predictions, 17 years later face-to-face training is still going strong. In some ways, you could argue the continuing demand for […]

  • Corporate Governance, IT Governance and Information Governance

    In this week’s blog, we are going to look at governance.  We are regularly asked, ‘what do you mean by governance?’ or, ‘is information governance the same as IT governance?’  There seems to be a lot of confusion and mispositioning of governance, its role and the different forms.  In this blog, we will provide some […]

  • Gap Analysis or Risk Assessment?

    We are often asked ‘should I start my ISO 27001 programme with a gap analysis or is there a better starting point?’.  The answer depends on your goals and knowledge of your current position.  This blog will look at which is best and when. When it comes to determining your need for information security controls […]

  • Information risk assessments – Benefits and implementation tips

    At URM, we are big advocates of adopting a risk-based approach when looking at ways in which to improve information security.  The cornerstone of this is conducting a risk assessment. There are many benefits attached to conducting risk assessments, most of which are focused around business efficiency, prioritising and targeting.  For example, the risk assessment […]

  • How should you approach supply chain risk management?

    In our blog on risk management challenges for 2019, we referred to the perennial risk attached to suppliers, as third parties continue to be a major source of incidents.  Linked to the Brexit issue, understanding the risks your suppliers face and the measures they are taking to mitigate those risks is vital.  In this blog, […]

  • Risk Management Challenges in 2019

    There has been a lot said and written about the risks businesses are expected to face in 2019, but less about the challenges of risk management and the process itself. Here are our thoughts on what we see as the key challenges: Legislation/regulation and the impact on your risk tolerance – In 2018, we saw a […]

  • Introducing Abriska – What is it and why adopt it?

    What is Abriska? Abriska is a web-based tool (think software as a service) with a number of modules all focused on helping organisations implement a best practice approach to managing risk. The first module we developed addressed information security risk and was followed with others looking at business continuity, supplier risk, operational risk, and action […]