An extract from ISO 27001 controls – A guide to implementing and auditing. An ideal book for anyone implementing or auditing an ISO 27001- compliant ISMS (Information Security Management System).
If your organisation is subject to the GDPR (General Data Protection Regulation), you must create and distribute a privacy notice. This document ensures that individuals are aware of the way their personal data is processed, helping them understand what data is being collected, why and how it’s being used, and how …
Organisations that accept card payments are responsible for the security of customers’ payment information and must comply with the PCI DSS (Payment Card Industry Data Security Standard). Compliance will be a lengthy process for some, but organisations that handle fewer than six million transactions annually can …
Risk assessments are one of the most important parts of an organisation’s ISO 27001 implementation project. The process can be tricky, but this blog simplifies the process by breaking it down into five easy-to-follow steps.
Kaspersky Lab’s latest report on phishing found that attacks have jumped 16% in the second quarter of 2019, compared to the same quarter in 2018. Cyber criminals are continuing to take advantage of the trust between individuals and companies by using fake registration, subscription and feedback forms to get victims to reveal their personal details. Looking at …
There are plenty of reasons a career in information security might appeal: it’s rewarding, there’s huge demand for skilled professionals and it pays well. Plus, you don’t need to study for years and get a degree to enter the industry. All you need to get started is …
Information security policies are arguably the most important part of an organisation’s defences, as the biggest threat you face comes from employees. Whether they’re making honest mistakes, ignoring instructions or acting maliciously, employees are always liable to compromise information. Technological defences can help mitigate the damage, but these must be accompanied by effective information security policies and procedures.
The cyber attacks and 114,686,290 breached records in August 2019 is infinitesimal compared to last month’s total and about 10% of the monthly average.
The short answer is you don’t choose! Despite organisations often declaring they want to be “ITIL-compliant” or they want to “implement ITIL”, ITIL isn’t something you can actually be measured against or accredited to.
Documenting your GDPR compliance can be tough, but a little guidance and access to documentation templates can make things much easier. The documentation process is one of the most important parts of GDPR (General Data Protection Regulation) compliance. What you write dictates the way you …
