Policy pile up creates user uncertainty

This blog was written after recently working with different companies on their Information Security Management Systems (ISMSs). The ISO27000 standard – the Overview and vocabulary part of the ISO27nnn series – defines an ISMS as consisting of “policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its…

You have decided you need ISO27001 certification – what happens now?

ISO27001 is the international standard for Information Security, and there are several reasons for deciding that certification is a business requirement. For some companies, it becomes a requirement to get shortlisted for new work. For others, it can be a way for management to ensure good security practices are in place as they grow or…

Why keeping information secure is much more than an IT issue

When I ask business owners what they are doing to keep their business information secure, the vast majority say it is an IT issue and I should talk to their IT team or the company used to maintain their IT systems. But what about dealing with risks from your staff, lack of adequate physical security or keeping…

Cyber insurance cover – check the small print

The insurance industry has responded to increasing cyber threats to client details, business strategy, financial details, intellectual property, passwords and employee information by offering cyber insurance to supplement existing insurance arrangements. The market is still evolving, but it typically covers hacking, computer system failure and recovery, and business interruption. Businesses of all sizes may view this…

Reviewing user permissions, it may reduce costs as well as improving security

A key part of protecting information is to make sure users only have access to what they need to do their job. Permissions need updating when the role of an individual changes. When they leave, their account(s) need to be removed or suspended in some way. In an ideal world there would be an email or…