
Ultimate Guide to Cyber Security Compliance
Cyber security compliance should be near the top of every organisation’s agenda. With a host of data protection risks and sizeable penalties for violating data protection laws, the stakes have never been higher. The GDPR (General Data Protection Regulation) alone has created more than £1.3 billion in regulatory penalties, and ...

Why is Ransomware Getting the Better of Us?
Ransomware is everywhere, infecting organisations across all sectors, and its proliferation is seemingly out of control. Cyber criminals have adopted ransomware as their default attack strategy, in part because it can be planted on organisations’ systems easily and cause catastrophic damage. Ransomware attacks typically begin with an employee opening an ...

How to Develop an Asset Inventory for ISO 27001
One of the key compliance requirements of ISO 27001 is to create an asset inventory. This is a list of information assets that an organisation owns, including fixed assets such as property and equipment, as well as intangible assets such as personal data. Creating such an inventory is essential for ...

A Guide to ISO 27001’s Cryptographic Controls
Encryption is one of the most important tools that modern businesses have at their disposal. Confidential information is their lifeblood, and it’s constantly flowing through their systems – between databases, removable devices, emails and suppliers. If organisations don’t take appropriate steps to protect sensitive information, they increase the risk of ...

Guide to ISO 27001 Human Resource Security
HR departments process vast amounts of sensitive information, so it’s essential that organisations take appropriate steps to secure that data. Annex A.7 of ISO 27001 sets out the framework that enables organisations to do that. ISO 27001 is the international standard that describes best practice for implementing an ISMS (information ...

Guide to ISO 27001 Physical and Environmental Security
Information security is often considered in terms of cyber threats, such as criminal hacking and fraud, but it’s just as much about physical and environmental risks. This includes things such as the improper disposal of physical records, unauthorised personnel in the premises and property damage. ISO 27001, the international standard ...

What Is Information Risk Management? Definition & Explanation
Information risk management is the process of identifying the ways an organisation can be affected by a disruptive incident and how it can limit the damage. It encompasses any scenario in which the confidentiality, integrity or availability of data is compromised. As such, it’s not just cyber attacks that you ...

What Is Information Security Risk? Definition and Explanation
Information security is becoming an increasingly important part of business. The average cost of a data breach rose to $4.24 million (about £3.1 million) last year, according to a Ponemon Institute study, demonstrating the severity of the problem. To mitigate these costs, organisations must conduct risk assessments to determine how ...

How to achieve repeatable risk assessments
Information security risk assessments help organisations understand the threats they face and the treatment options they should consider. The assessment should be performed regularly – either once a year or whenever there are significant organisational changes – because the threat landscape is bound to change. Another reason to repeat risk ...

Creating a centralised cyber security risk register
A centralised cyber security risk register is a document that includes information about an organisation’s threat environment. It contains information on potential cyber security risks, and usually acts as evidence that an organisation has implemented an ISMS (information security management system). Risk registers are especially important for organisations implementing ISO ...