Luke Irwin Archive
60% of respondents saying they thought an employee will accidentally breach sensitive data in the next year. That’s a higher than the proportion of people who expect to suffer a cyber attack (46%), yet organisations continue to plough resources into cyber crime prevention while overlooking the threat of insider incidents. Let’s take a look at some of …
If you’re interested in gaining a high-ranking position in the information security industry, your best bet is probably the CISSP® exam (Certified Information Systems Security Professional) qualification.
The information security industry is full of jargon, but luckily most terms only crop up when you’re dealing with specific, technical topics. However, there’s one common but surprisingly complex phrase that often appears without further explanation: ‘cyber security incident’. You might assume it’s simply a euphemism for organisations that don’t want to say ‘we’ve suffered a data breach’. That’s kind of true, but it’s also a …
Since the Regulation took effect last year, there has been a huge increase in the number of individuals submitting DSARs (data subject access requests). Clearly, people are interested in the way their personal data is being used and want to make sure organisations are using it …
European organisations with ties to the UK are particularly concerned about the ramifications of the GDPR (General Data Protection Regulation). With the UK’s EU status up in the air, organisations must navigate their relationships carefully or face the prospect of strong penalties. In this blog, we explain exactly what’s …
Technological innovation has revolutionised business. Things like Cloud computing and the rise of remote working have made our jobs more flexible than ever, but it’s not only home workers who reap the benefits, as the rise of BYOD (bring your own device) policies has shown.
There’s a new standard for data privacy – ISO 27701. It’s the first document in the ISO 27000 series dedicated to privacy, explaining how organisations can create a PIMS (privacy information management systems) and meet best practices outlined in regulations such as the GDPR (General Data Protection Regulation).
If your organisation is subject to the GDPR (General Data Protection Regulation), you must create and distribute a privacy notice. This document ensures that individuals are aware of the way their personal data is processed, helping them understand what data is being collected, why and how it’s being used, and how …
Organisations that accept card payments are responsible for the security of customers’ payment information and must comply with the PCI DSS (Payment Card Industry Data Security Standard). Compliance will be a lengthy process for some, but organisations that handle fewer than six million transactions annually can …
Risk assessments are one of the most important parts of an organisation’s ISO 27001 implementation project. The process can be tricky, but this blog simplifies the process by breaking it down into five easy-to-follow steps.
