What Role Does Penetration Testing Play in Preventing Unauthorised Access?
The consequences of unauthorised access are varied. Apart from financial losses, there is a loss of customer confidence. Can penetration testing prevent this?
URM provides some top tips for achieving an effective and successful information security management system implementation.
When looking to comply with the General Data Protection Regulation (GDPR), it is always a worthwhile exercise....
On 23 January 2023, NCSC published an updated set of requirements, v.3.1 for the Cyber Essentials scheme....
We are hearing a lot about phishing and phishing attacks currently so, in this blog, we will take a step back....
While it’s one of the areas that IT and security departments find challenging, documentation (and compliant evidence)....
In our previous blog, we looked at where your PCI compliance journey starts. The first step is understanding the flow of your payment card data....
Often referred to as the PCI DSS or quite simply PCI, the Standard was developed by the founding payment brands....
We are going to explore why the focus on a risk-based approach has helped turn ISO 27001, the International ISM Standard, into such a world-beater.
There is some confusion about the difference between having an ISMS which is certified to ISO 27001 and one which is compliant or aligned to the Standard.
This blog takes a look at onboarding information systems. When onboarding is mentioned, many will conclude it’s referring to people, but there is a lot more to think
This blog talks about information classification. So, what exactly do we mean by information classification?
In this blog, we are going to look at governance. We are regularly asked, ‘is information governance the same as IT governance?’
When managing the security of your organisation’s information assets, you will need to consider the scope of what you are doing.
The answer depends on your goals and knowledge of your current position. This blog will look at which is best and when.
Let’s face it, there is nothing straightforward or simple about responding to a data subject access request (DSAR).
On 2 February 2022, the Information Commissioner’s Office (ICO) laid before Parliament changes around restricted international personal data transfers.
On 16 July 2020, the CJEU issued its judgement on the adequacy of both the Privacy Shield and standard contract clauses (SCCs).
The need for guidance on how organisations should best protect privacy and manage personal information has never been more pertinent.
We discuss the importance of ensuring that your whole organisation can identify a DSAR and the benefits of controlling the entry points of DSARs.