Luke Irwin Archive
So you’ve decided that it’s in your organisation’s best interest to adopt ISO 27001, the international standard for information security. Good decision. Now you just need to convince the board to give you the financial backing and resources to implement the Standard. In this blog, we …
Credit unions in Ireland are required to conduct a penetration test once a year, and send the results to the Central Bank of Ireland for review. According to a report published by the Bank last year, credit unions are getting better at doing this. But for those that are still …
Organisations that accept card payments are responsible for the security of customers’ payment information and must comply with the PCI DSS (Payment Card Industry Data Security Standard). The PCI DSS is a set of tools and measures to help you …
Some innocuous browsing from a hardworking employee during a quick break is nothing to worry about, but there are certain practices that can be hugely damaging to your organisation. And they’re probably occurring more often than you might think. In this blog, we outline three issues …
The introduction of the GDPR (General Data Protection Regulation) requires all organisations within its scope to give data subjects the right to review the personal data being held on them. These requirements are broadly consistent with previous laws about personal data access requests, albeit more rigorous. However, …
The rise of cyber attacks and data privacy concerns has information security a top priority for organisations. Many have chosen to mitigate the risk by implementing an ISMS (information security management system). Creating an ISO 27001-compliant ISMS is a big task, but the benefits it provides makes it an essential …
You might have noted that data breaches happen a lot. We post about incidents as often as we can, but it’s practically impossible to keep up. That’s why we’ve decided to start compiling a monthly list of incidents from stories reported around the globe. In our inaugural list, …
One of the most misunderstood aspects of the GDPR (General Data Protection Regulation) is its consent requirements.
Many people believe that organisations must get consent to process personal data, but that’s not true. Consent is only one of the six lawful …
Your organisation won’t be able to protect its systems for long without an information security audit. That’s because cyber threats and the way your organisation operates is constantly changing, requiring you to regularly take stock of your security practices.
Whether you’re trying to certify to an information standard, …
This time last year, organisations were scrambling to meet the compliance deadline for the GDPR (General Data Protection Regulation), people’s inboxes were flooded with last-minute pleas for consent and social media was rammed with GDPR memes. Twelve months later and the commotion surrounding the Regulation has calmed, but its impact remains.
