In one of our recent blogs, we identified the essential role that organisation-wide awareness programmes play in addressing user-related threats to information security. As URM has been involved in reviewing and developing countless awareness programmes, we thought it will be useful to share our thoughts on what we see as the key success criteria (as […]
Information security awareness – Are the people failing the process or is the process failing the people?
Broadly speaking, information security is held up by three pillars – People, Process and Technology. As threats to our information security (and particularly cyber-related threats) continue to emerge and evolve, we constantly look to technological solutions to help combat these threats, e.g. firewalls, encryption, antivirus, intrusion detection systems, etc. However, it is important to not […]
At URM, we are big advocates of adopting a risk-based approach when looking at ways in which to improve information security. The cornerstone of this is conducting a risk assessment. There are many benefits attached to conducting risk assessments, most of which are focused around business efficiency, prioritising and targeting. For example, the risk assessment […]