One of the core principles of ISO 27001 is that the information security measures you adopt must be relevant to the threats your organisation faces. Every business is unique – in its structure, the types of information it processes and …
Clause 6 of ISO 27001 covers the actions that organisations must take to address information security risks. It’s one of the most important parts of the Standard, because everything else you do to meet the Standard’s requirements informs or revolves around this …
Ransomware is everywhere, infecting organisations across all sectors, and its proliferation is seemingly out of control. Cyber criminals have adopted ransomware as their default attack strategy, in part because it can be planted on organisations’ systems easily and cause catastrophic …
Information security is becoming an increasingly important part of business. The average cost of a data breach rose to $4.24 million (about £3.1 million) last year, according to a Ponemon Institute study, demonstrating the severity of the problem. To mitigate …
When an organisation conducts an ISO 27001 risk assessment, it’s helpful to have a list of threats and vulnerabilities to hand to make sure everything is accounted for. The list also helps you understand the difference between threats and vulnerabilities, …
One of the most important steps when conducting an ISO 27001 risk assessment is to select risk owners to manage specific threats and vulnerabilities. Choosing the right person is crucial, because not only should the owner of each risk be …
Risk assessments are at the heart of ISO 27001, but they often have a reputation for being time-consuming and difficult. But how long should the risk assessment process take? The answer depends on which tool you use. Risk assessment tools …
Data flow maps are essential for organisations to understand how sensitive information moves through their business. For example, you might collect user information in a survey, which is then funnelled into a database that’s used by your marketing team. If …
If you’re trying to protect your organisation from security incidents, you will probably have come across the concept of risk assessments. This is an essential step to understanding and addressing your weaknesses, and must be done before you introduce new …
Sensitive data is one of an organisation’s most important assets, so it makes sense that you prioritise its security. What is information security? Information security is “the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction” …