• Information Assets, Information Security, Infosec, ISO 27001, Infosecurity, International Standards

    Understanding information assets

    Definition of information assets. Well, that’s easy: there isn’t one, or at least not one universally accepted definition. ISO/IEC 27000:2018 (Overview and vocabulary) refers to ‘information asset’ 33 times but never actually defines it. A frequently (ab)used definition of an information asset is ‘everything that has a value to the organisation’. This is the […]


    Onboarding Information Systems

    Essentially, the trick is to identify the security requirements of any new software or… This week’s blog takes a look at onboarding information systems. When onboarding is mentioned in terms of information security, most will typically conclude that it refers to people, and particularly to the starters and leavers process. However, it is also important […]

  • vulnerability assessment vs penetration test, information security, PCI DSS, Infosec, Infosecurity, Payment Card Industry Data Security Standard, vulnerability assessment

    Vulnerability assessment vs. Penetration testing

    Vulnerability assessment vs. penetration testing: can things go wrong? There seems to be a market trend to offer a vulnerability assessment and package it as a penetration testing exercise. Both are security controls in ISO/IEC 27001:2013 Annex A, and each has a distinct purpose and distinct deliverables. In addition, they both feature quite heavily within the […]

  • Business Continuity, Exercise plan for critical activities, business continuity, recovery plan, disaster recovery, ISO standards, ISO 22301, ISO international standards

    Exercising your department’s BC Plans

    Exercise plan for critical activities. In our previous business continuity (BC) blog, we provided an overview of the different types of exercise that will help you identify whether your current BC arrangements are effective in managing a disruptive incident. That, along with instilling confidence and ‘training’ your teams, is one of the main objectives of running […]

  • PCI DSS compliance, Payment Card Industry Data Security Standard, Payment card industry, Payment card, consultancy, Visa, Mastercard

    Benefits of PCI DSS Compliance

    Benefits of PCI DSS Compliance. In recent blogs, we have focused on how best to ensure you comply with the PCI Data Security Standard. This week, however, we will look at the benefits of achieving and maintaining compliance… aside from meeting your contractual obligations! As a rule, all organisations that store, process or […]

  • how to deliver a business continuity exercise, business continuity, ISO 22301, types of exercising

    Business Continuity – Types of Exercising

    Types of Exercising. Our previous blog about how to deliver a business continuity exercise prompted a number of questions about the types of business continuity exercise and when to use them. So, this week’s blog answers those questions! Without exercising (we prefer this term to ‘testing’, which implies a pass or fail), an organisation […]

  • What to expect from PCI DSS policies, procedures and evidence, auditing and the QSA, QSAs and the Payment Card Industry Data Security Standard

    PCI Policies, Procedures and Evidence – What is expected?

    Policies, Procedures and Evidence. While it is one of the areas that IT and security departments find most challenging, documentation (and compliance evidence) is what makes for a happy and satisfied PCI Qualified Security Assessor (QSA) and, more importantly, a successful PCI compliance audit! Successful compliance programmes invariably depend on the accurate and consistent recording of events and the […]

  • 2019 Verizon breach report and insights from URM, a consultancy and training organisation helping organisations to comply or certify to international standards, e.g. ISO 27001 (information security/cyber security), ISO 22301 (business continuity) and risk management.

    2019 Verizon Breach Report – A first look

    In our past blogs, we focused on where to seek information and highlighted a recently released report that contains useful and valuable information. We also mentioned the Horizon Scan Report (2019) by the BCI. Today we will give an overview of the 2019 Verizon Breach Report. Where to start? 2019… another year and another Verizon Data Breach […]

  • 5 common pitfalls to avoid in achieving or maintaining PCI DSS compliance (PCI DSS, Payment Card Industry Data Security Standard)

    Top 5 common pitfalls of PCI DSS compliance

    As a Payment Card Industry Qualified Security Assessor (PCI QSA) company, we are often asked by organisations that process card payments what the main pitfalls are to avoid in complying with the Payment Card Industry Data Security Standard (PCI DSS). Well, here are our top five (5) pitfalls to avoid if your organisation is looking to achieve or […]

  • PCI DSS report, Preparing for a Report on Compliance

    Preparing for a Report on Compliance (ROC)

    There’s no getting away from the fact that preparing for a PCI DSS ROC can be a bit of a trial, particularly for those experiencing their first visit from a QSA. Like most trials, the good news is that future visits do get easier as your infrastructure gets up to spec. That […]