
How to document your information security policy

Information security policies play a vital role in organisational security. Getting your policy right will give you an excellent framework to build on, making sure that all your efforts follow a single goal. But if you get it wrong, you risk neglecting key issues and exposing yourself to data breaches. To make sure you get off on the right track, we’ve taken some advice from Alan Calder and … [Read more...]

Still struggling with the GDPR? Here’s how you can get started

The GDPR (General Data Protection Regulation) has been in effect for more than seven months now, but many organisations still aren’t fully compliant with its requirements, and some are still only just getting started. That’s obviously not ideal, but the good news is that organisations that are still working towards compliance don’t need to feel as though they’ve left … [Read more...]

What’s the difference between an ISO 27001 risk assessment and gap analysis?

The ISO 27001 implementation and review process centres upon the risk assessment and gap analysis process. These two pivotal steps provide you with the bulk of the information you need to comply with the Standard, so it’s essential that you get them right. The problem is that the two processes are very similar, meaning organisations can easily confuse the two and jeopardise their compliance … [Read more...]

78% of customers won’t go back to a breached organisation

A Ping Identity study has revealed that 78% of people would no longer use a retailer’s online site if it had suffered a data breach. The 2018 Consumer Survey, which polled more than 3,000 people across Europe and the US, also found that: 48% of people won’t sign up for an online service if the organisation has recently been breached; 56% of people won’t accept an increased service fee in … [Read more...]

The GDPR: Why your organisation needs to conduct DPIAs

DPIAs (data protection impact assessments) help organisations identify, assess and mitigate privacy risks to data processing activities. They are particularly important when introducing new data processes, systems and technologies. They are also essential for demonstrating compliance with the GDPR (General Data Protection Regulation). When are DPIAs necessary? Article 35 of the GDPR … [Read more...]

Building a cyber incident response team

Organisations are starting to acknowledge that it’s impossible to completely remove the threat of data breaches. You might be able to repel most incidents, but it’s important to have a CIR (cyber incident response) plan for the threats you can’t prevent. Effective CIR management can help you detect breaches quicker and earlier, and develop a robust defence against attacks to potentially save … [Read more...]

A quick guide to the GDPR’s data breach notification requirements

One of the biggest talking points of the GDPR (General Data Protection Regulation) is its data breach notification requirements. The rules, which include a strict 72-hour deadline for reporting incidents, have caused many organisations to question how they could possibly comply, and many will be tempted to put off their duties and deal with data breaches if and when the time comes. But make no … [Read more...]

Questions you should ask when choosing a cyber training course

So, you’ve decided to gain a cyber security qualification. Perhaps your boss requested that you get one, maybe you realised it’ll boost your chances of a promotion, or you might be trying to break into the industry. Whatever your reason, a qualification can reshape your career, so it’s important to think carefully before diving in. Cyber security is a broad topic with a wide variety of … [Read more...]

Preparing for the cyber threats of tomorrow

Organisations are being overrun with vulnerabilities. For an idea of how rapidly the problem is growing: there were 6,000 new vulnerabilities identified in 2016, 15,500 in 2017 and so far more than 16,000 in 2018. This growth is partly because Internet-connected devices and applications are much more widespread than they were a few years ago. But it’s not just a case of ‘more networks means … [Read more...]