dcsimg

3 essential controls that can keep your organisation safe from cyber threats

Organisations that want a proven, structured approach to information security should look no further than ISO 27001. The Standard describes best practice for implementing and maintaining an ISMS (information security management system), which is built around a system of controls that protects your information from a wide variety of threats. The full list of controls is listed in Annex A of … [Read more...]

What is an information security policy?

An information security policy is a set of instructions that an organisation gives its staff to help them prevent data breaches. Employees are involved in many of the most common causes of security incidents, whether directly (such as accidental breaches) or indirectly (such as phishing scams), so thorough guidelines are essential. How do you create information security policies? Your … [Read more...]

What is an ISO 27001 risk assessment and how should you report on it?

An ISO 27001 risk assessment helps organisations identify, analyse and evaluate weaknesses in their information security processes. It’s a core part of ISO 27001 compliance, informing organisations’ decisions regarding the risks that must be addressed and how they should be tackled. Getting the risk assessment process right is obviously important, but you must remember that it’s only the first … [Read more...]

Results of Facebook investigation coming this summer, says DPC

Ireland’s DPC (Data Protection Commission) has said it will release the findings of its investigation into Facebook and several other high-profile tech companies in June or July. Commissioner Helen Dixon told Bloomberg: “We’re at various concrete stages in all of them, but they’re all substantially advanced.” The DPC began its investigation in October 2018, following consumer complaints … [Read more...]

Securing 2019 with ISO 27001

2018 was a mixed bag for information security. According to the Identity Theft Resource Center’s 2018 End-of-Year Data Breach Report, there were fewer recorded data breaches compared to 2017, but there was a 126% increase in the number of breached records. As you might expect, the business sector suffered both the most data breaches (571 of 1,244 total) and the highest number of breached … [Read more...]

Top 5 tips for tackling the rising threat of data breaches

Cyber security is a daunting topic. Every week there’s a new big data breach, experts are constantly warning that “you’re next”, and the threat of fines and other disciplinary action under the GDPR (General Data Protection Regulation) lingers over all of us. To help you understand how to address these issues, IT Governance Director Steve Watkins gave us his top five tips for staying … [Read more...]

The 4 stages of cyber resilience

The cyber threat landscape has evolved rapidly in the past few years. Organisations are increasingly reliant on technology and more eager than ever to collect personal data, but without the resources to protect their systems, cyber crime has flourished. We’ve reached a point where there are so many crooks and potential vulnerabilities that it’s foolish to suggest that you can prevent breaches … [Read more...]

Have you met the PCI SSC’s new QSA requirements?

As of 2019, the qualification requirements for QSAs (Qualified Security Assessors) have become much tougher. Assessors must now gain an information security and an IT audit certificate. Under the previous rules, QSAs were only required to hold one of those qualifications. The rule change took effect on 1 January 2019 for new QSAs. Those who were already qualified have until 1 July 2019 to gain … [Read more...]

3 fundamental IT issues and how you can resolve them

Every organisation has its own unique challenges, but some issues are so fundamental to business operations that they are practically universal. This blog outlines three common problems, and offers a solution for understanding and tackling them. 1. Staff awareness According to Leron Zinatullin, author of The Psychology of Information Security, one of the biggest problems … [Read more...]

Google fined €50 million in landmark GDPR ruling

Google has been fined €50 million by the CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation).  It’s by far the biggest fine related to the GDPR, which took effect in May 2018 and gave regulatory bodies much stronger disciplinary powers.  What did Google do wrong?  The CNIL concluded that Google had violated the GDPR in two … [Read more...]