The information security risk assessment: identifying threats

ISO 27001
One of the core aspects of an information security risk assessment is to identify the threats your organisation faces. We recommend that you follow the best practices outlined in ISO 27001 when doing this. The international standard provides a framework for developing an ISMS (information security management system) that’s dictated ...
Where to begin when creating your data flow map

Data Mapping
A data flow is the transfer of information from one location to another – for example, from suppliers and sub-suppliers through to customers. It’s essential that organisations map these flows in order for them to keep data secure and meet data protection requirements, such as the GDPR (General Data Protection ...
ISO 27001: Top risk treatment options and controls explained

For all the attention that organisations pay to their ISO 27001 risk assessment, it’s worth remembering that there’s an additional step afterwards – risk treatment. This is where you take the risks that you’ve identified and decide how to deal with them. There are several available options, and the appropriate ...
Information security vulnerability vs threat vs risk: What are the differences?

ISO 27001
If organisations are to adequately protect their sensitive data, they need to understand the three core components of information security: threat, vulnerability and risk. Those unfamiliar with the technicalities of information security might assume that these terms are interchangeable, but that’s not true. In this blog, we explain the differences ...
List of threats and vulnerabilities in ISO 27001

Latest news
When an organisation conducts an ISO 27001 risk assessment, it’s useful to have a list of threats and vulnerabilities to hand to make sure everything is accounted for. The list also helps you understand the difference between threats and vulnerabilities, which in itself is an essential part of the process ...
How to get multiple risk owners contributing to a risk assessment

Latest news
One of the most important steps when conducting an ISO 27001 risk assessment is to select risk owners to manage specific threats and vulnerabilities. Choosing the right person is crucial, because not only should the owner of each risk be someone whose job relates to that risk, but they ...
Identifying relevant laws and regulations is the key to effective data security

Personal data is the lifeblood of many organisations, but it is becoming increasingly important to manage the way that information is used. Organisations that fail to do so risk data breaches, reputational damage, lost time and financial repercussions. This is no more evident than with the GDPR (General Data Protection ...
Secure your organisation with our Data Flow Mapping Tool

Latest news
Data flow maps are essential for organisations to understand how sensitive information moves through their business. For example, you might collect user information in a survey, which is then funnelled into a database that’s used by your marketing team. If any of those respondents become a customer, their information will ...
An introduction to information security risk assessments

Latest news
If you’re trying to protect your organisation from security incidents, you will probably have come across the concept of risk assessments. This is an essential step to understanding and addressing your weaknesses, and must be done before you introduce new policies or purchase a new piece of software. To explain ...
Top 10 risks to include in an information security risk assessment

An ISO 27001 risk assessment should have five key steps. In this blog, we look at the second step in the process: identifying the risks that organisations face. How to identify threats: You must determine which threats can compromise the confidentiality, integrity and availability of each of the assets within the scope ...