The first and primary myth to dispel is that executing your decision to use an information security management system (ISMS) to manage the security of your information assets is a project. It is not. It is about establishing and formalising an effective approach to managing information security. Once established and implemented, it also needs to […]
In November 2019, we saw the release of the updated version of the International Business Continuity Management System Standard, BS EN ISO 22301:2019. In this top tip, URM provides you with its analysis of 5 key differences from the 2012 version of the Standard. Should you require more information on implementing a BCMS in line […]
Zero Trust, devised by John Kindervag, offers a radical approach to network architecture and management. The premise behind zero trust approach is quite simply ‘never trust, always verify’. In practice, this means you need to minimise the line between the outside world and the internal network. In a zero-trust environment, you treat the internal network […]
This week’s top tip looks at a frequently asked question by organisations which are looking to comply or certify to ISO 27001, the International Information Security Standard – ‘what tools will I need to manage an information security management system (ISMS)’. A big concern for many organisations is that implementing an ISMS will lead to […]
We are often asked whether the terms business continuity (BC) and disaster recovery (DR) mean or represent the same thing and if not what are the key differences. This top tip will provide some clarity on the respective definitions and in doing so ensure your organisation is prepared to deal with both BC and DR […]
This week’s top tip looks at the key considerations when accepting card payment via phone. For many organisations accepting card payment via phone is just ‘business as usual’, for others it’s one of those things that is done as a back-up or an occasional ‘one off’. An example of the latter is online only organisations […]
Are you ready for the unexpected? Here’s some food for thought. Did you know that: ► More than 40% of businesses affected by the Manchester bombing of 1996 went out of business? ► Approximately 18,000 businesses ceased to exist following the attacks of September 11 2001 ► 92 businesses employing 9,500 staff were forced to […]
One of the long-held beliefs underpinning many a password policy is that forcing a regular password change is a good thing. After all, by changing our passwords on a regular basis we might be able to stop an attacker taking advantage of a password they may have discovered. However, by forcing users to change […]
This is the question of the week, what is the difference between a certified and a compliant ISO 27001 management system? There is some confusion about the difference between having an information security management system (ISMS) which is certified to ISO 27001 and one which is compliant or aligned to the Standard. This week’s top tip […]