ISO 27001 Archive
For all the attention that organisations pay to their ISO 27001 risk assessment, it’s worth remembering that there’s an additional step afterwards – risk treatment. This is where you take the risks that you’ve identified and decide how to deal …
If organisations are to adequately protect their sensitive data, they need to understand the three core components of information security: threat, vulnerability and risk. Those unfamiliar with the technicalities of information security might assume that these terms are interchangeable, but …
Personal data is the lifeblood of many organisations, but it is becoming increasingly important to manage the way that information is used. Organisations that fail to do so risk data breaches, reputational damage, lost time and financial repercussions. This is …
Risk assessments are at the heart of ISO 27001, but they often have a reputation for being time-consuming and difficult. But how long should the risk assessment process take? The answer depends on which tool you use. Risk assessment tools …
Sensitive data is one of an organisation’s most important assets, so it makes sense that you prioritise its security. Information security is “the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction” of sensitive records. This …
One of the core principles of ISO 27001 is that the information security measures you adopt must be relevant to the threats your organisation faces. Every business is unique – in its structure, the types of information it processes and …
ISO 27001 audits can be intimidating, especially if it’s the first time that your ISMS (information security management system) has come under scrutiny. So how can you make sure you’re doing everything that you should? This blog helps settle your …
Organisations that are serious about preventing data breaches must create an information security policy. They contain a list of guidelines on how to handle with various incidents that might result in data breaches. Ideally, your information security policy should be …
When you’re considering your organisation’s cyber security measures, there are two things you must consider: do these controls work now, and will these controls work in the future? The first issue is comparatively easy to assess, because any solution you …
Third-party suppliers are a common source of confusion for organisations considering their GDPR (General Data Protection Regulation) compliance requirements. When the Regulation was first introduced, the issue of third-party suppliers and their relation to organisations’ own GDPR compliance received a …
