Top Tips

  • Tips from URM – The lowdown on ‘zero trust’

    Zero Trust, devised by John Kindervag, offers a radical approach to network architecture and management. The premise behind the zero trust approach is quite simply ‘never trust, always verify’. In practice, this means you stop drawing a hard line between the outside world and the internal network. In a zero-trust environment, you treat the internal network […]

  • What tools will I need to manage an ISMS?

    This week’s top tip looks at a question frequently asked by organisations looking to comply with or certify to ISO 27001, the international information security management standard: ‘what tools will I need to manage an information security management system (ISMS)?’ A big concern for many organisations is that implementing an ISMS will lead to […]

  • 3 key considerations when accepting card payments via the phone

    This week’s top tip looks at the key considerations when accepting card payments over the phone. For many organisations, accepting card payments over the phone is just ‘business as usual’; for others, it is one of those things that is done as a back-up or an occasional ‘one off’. An example of the latter is online-only organisations […]

  • Tips from URM – Are you ready for the next power cut?

    Are you ready for the unexpected? Here’s some food for thought. Did you know that: ► More than 40% of businesses affected by the Manchester bombing of 1996 went out of business? ► Approximately 18,000 businesses ceased to exist following the attacks of September 11 2001 ► 92 businesses employing 9,500 staff were forced to […]

  • Tips from URM – Password management – What is best practice?

    One of the long-held beliefs underpinning many a password policy is that forcing a regular password change is a good thing. After all, by changing our passwords on a regular basis we might be able to stop an attacker taking advantage of a password they may have discovered. However, by forcing users to change […]

  • Tips from URM – What dictates which information security controls you should implement?

    The information security controls an organisation needs to implement depend heavily on the information it stores, processes or transmits and on the purpose of that processing. For example, whilst regular penetration testing may be appropriate for some organisations, it may not be required for others. This is where risk management kicks in. Best practice dictates that you identify the risks your organisation faces before implementing appropriate controls to reduce those risks to a level which is acceptable to your stakeholders. Risk appetite will typically be defined by directors, shareholders or regulators along with compliance […]

  • Data Transfer – Are Standard Contractual Clauses Sufficient?

    This week’s top tip looks at a very specific area of the GDPR, Article 28 to be precise, and data transfers outside of the EEA. One of the ways in which you can legitimise an ex-EEA data transfer is by using the standard contractual clauses (SCCs). Article 28 mandates […]