Top Tips Archives - Page 3 of 4 - URM
  • PCI DSS - Top 5 areas where URM sees organisations failing to implement PCI DSS requirements into their BAU process:

    Tips from URM – PCI DSS compliance as BAU

    PCI DSS compliance as BAU (Business As Usual). For an organisation to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS), the Payment Card Industry Security Standards Council (PCI SSC) encourages organisations to build security into their business as usual (BAU) processes. From URM’s own experience this is especially true for […]

  • Article, where we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI DSS) places around the protection of cardholder data (CHD) and sensitive authentication data (SAD)

    Tips from URM – PCI DSS | What are the requirements for protecting CHD and SAD?

    In this article, we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI DSS) places around the protection of cardholder data (CHD) and sensitive authentication data (SAD) in particular. Bit of a recap first. The PCI DSS is an information security standard for organisations that store, process and/or transmit payment card belonging […]

  • Top tips from URM about Password Management and Compensating Controls

    Tips from URM – Password Management and Compensating Controls

    Section 8.2.4 of the PCI DSS v3.2.1 specifies that passwords must be changed at least once every 90 days. In our day-to-day PCI DSS consultancy work, we are frequently asked whether there is any flexibility in extending the period when passwords need to be changed and whether ‘compensating controls’ can be used. The argument often […]

  • Tips from URM – Scope

    One area we are often questioned about is scope. How do you identify and then manage your scope? This week’s tip focuses on just that! When you are looking at the processes associated with managing the security of your organisation’s information assets, there are a number of occasions where you will need to consider the scope […]

  • Tips From URM – Management Commitment

    In previous blogs, we have tackled a number of fundamental ISO 27001 components. One of the most significant is management commitment and this week’s top tip will look at just that. Commitment from your leadership team is absolutely crucial to managing information security within your organisation. In just the same way as pretty much any […]

  • Tips from URM – Information Assets – Part 2

    Our top tip last week focussed on a question which often crops up, ‘How do we approach asset identification within our information security risk assessment?’. As we pointed out, there are 2 aspects to this question: ‘which assets do we include?’ and ‘how granular do we make the list?’. This week’s top tip examines which […]

  • Tips From URM – Information Asset Granularity

    A question which comes up time and time again is ‘How do I approach asset identification within my information security risk assessment?’. Typically, this question is twofold: which assets to include and the depth or granularity. This week’s top tip will look at granularity. In short, stay high level where possible. Your goal, through the […]

  • Tips from URM – Understanding competence requirements

    Having assisted just short of 200 organisations in achieving ISO 27001 certification, we are often asked about what we consider to be the critical steps or building blocks when implementing an effective information security management system. Whenever we respond to the question, part of our answer is always “ensure you have the appropriate resources in place.” […]