Luke Irwin Archive
A cyber security risk assessment matrix is a crucial tool for helping organisations protect sensitive data and prevent data breaches. The matrix provides a consistent way to measure and compare threats and vulnerabilities. It’s also an ideal resource for explaining …
Third-party risk management is a crucial part of an organisation’s information security practices, with suppliers often introducing vulnerabilities that can have devastating knock-on effects. According to a Ponemon Institute and RiskRecon study, between 2021 and 2022, over half of organisations …
One of the most important aspects of cyber security, and something that many organisations get wrong, is identifying relevant risks. You cannot protect against every threat and every weakness you face, because they are simply too numerous. If you tried, …
With a growing awareness of data privacy and rising incidents of information security breaches, it’s essential that organisations manage their cyber security compliance requirements effectively. At the heart of any cyber security programme is a combination of technology, processes and …
One of the core principles of ISO 27001 is that the information security measures you adopt must be relevant to the threats your organisation faces. Every business is unique – in its structure, the types of information it processes and …
Clause 6 of ISO 27001 covers the actions that organisations must take to address information security risks. It’s one of the most important parts of the Standard, because everything else you do to meet the Standard’s requirements informs or revolves around this …
Anyone familiar with ISO 27001 should know about asset owners. They are a long-established part of the Standard, ensuring that organisations know who is responsible for managing information security weaknesses. In the latest version of ISO 27001, the requirements added …
Cyber security compliance should be near the top of every organisation’s agenda. With a host of data protection risks and sizeable penalties for violating data protection laws, the stakes have never been higher. The GDPR (General Data Protection Regulation) alone …
Ransomware is everywhere, infecting organisations across all sectors, and its proliferation is seemingly out of control. Cyber criminals have adopted ransomware as their default attack strategy, in part because it can be planted on organisations’ systems easily and cause catastrophic …
One of the key compliance requirements of ISO 27001 is to create an asset inventory. This is a list of information assets that an organisation owns, including fixed assets such as property and equipment, as well as intangible assets such …
