Vigilant Software Blog
ISO 27001 is the most popular information security standard worldwide, and organisations that have achieved compliance with the Standard can use it to prove that they are serious about …
A data flow map is a diagram that shows how sensitive information moves between one part of your organisation and another. For example, you might collect user information through …
The latest iteration of ISO 27001 introduced the concept of risk owners in addition to asset owners. This strengthened the Standard’s stance that organisations must appoint people to take …
Clause 4.2 of ISO 27001 details the needs and expectations of interested parties. An interested party is essentially a stakeholder – an individual or a group of people affected …
It’s been two years since the GDPR (General Data Protection Regulation) took effect, and despite many people saying it was a lot of fuss over nothing, it has had …
ISO 27001 is designed to help organisations identify the right approach to take when managing risks. You can’t apply defences to every threat you face, because that would be …
One of the early challenges of conducting an ISO 27001 risk assessment is how to identify the risks and vulnerabilities that your organisation faces. It’s a deceptively tricky task, …
The purpose of an information security risk assessment is to prioritise threats so that you can allocate time and resources appropriately. To do that, you need a way of …
Risk assessments are at the heart of an organisation’s information security practices, as they help identify relevant threats and the most appropriate way of dealing with them. But what should …
Before beginning your data mapping exercise, you need to identify the personal data you hold. Personal data is any information that can directly or indirectly identify a natural person. …