Vigilant Software Blog

One of the early challenges of conducting an ISO 27001 risk assessment is how to identify the risks and vulnerabilities that your organisation faces. It’s a deceptively tricky task, because although it doesn’t require the practical application of information security …

The purpose of an information security risk assessment is to prioritise threats so that you can allocate time and resources appropriately. To do that, you need a way of calculating the severity of these threats; that’s where the information security …

Before beginning your data mapping exercise, you need to identify the personal data you hold. Personal data is any information that can directly or indirectly identify a natural person. The GDPR (General Data Protection Regulation) places much stronger controls on the …

Clause 6 of ISO 27001 is one of the most important aspects for compliance, as it covers the actions you must take to address information security risks. Everything else you do to meet the Standard’s requirements informs or revolves around …

We’re back with another round-up of some of the most notable information security stories of the past month. In this edition, we discuss a hospital employee who abused their power to contact patients, an update on last year’s Ticketmaster data …

ISO 27001 focuses heavily on asset-based planning. This ensures that the information security measures you adopt are appropriate to the threats you face – both in practicality and scale. There is no point implementing controls if what their protecting against is …

As we enter December, many organisations slow down as they turn their attention to Christmas. Office parties, secret Santas and discussions of when it’s acceptable to put the tree up start to take precedence over work, as employees kill time …