Information security management remains a serious issue for the legal sector, with law firms reporting an increase in targeted attacks in 2018. Large volumes of client funds and confidential information are irresistible to cyber criminals, so it is unsurprising that …
In mid-March, NBC reported that IBM collected nearly one million photos from photo hosting site Flickr to use as data sets to help develop facial recognition algorithms. Although IBM claims the data set is designed to help academic researchers make …
Completing a risk assessment is often the most challenging and difficult aspect of an ISO 27001 project. Regardless of the tools you use, the risk assessment must take into account many elements, such as assets, threats, vulnerabilities, and controls, and …
The digital landscape is changing quickly, and cyber crime is on the rise. Last year there were 2.3 billion data breaches, compared to 826 million in 2017. With attacks becoming increasingly sophisticated and hard to defend against, they can cost organisations …
The GDPR (General Data Protection Regulation) isn’t only about preventing data breaches (it’s equally focused on strengthening data subjects’ rights), but organisations have understandably honed in on the importance of effective data protection. Both objectives have clear benefits for organisations, but the …
Cyber attacks are an increasingly serious risk for organizations, but many senior staff seem to believe that their organization won’t be targeted. They might say that their organization is too small to be on attackers’ radars, or that they don’t …
Since the EU General Data Protection Regulation (GDPR) is in effect, EU residents have the ‘right of access’ to their data. If your organization collects or uses their data, they can request: Confirmation that their data is being processed Access …
Certification to the increasingly popular international information security management standard ISO 27001 is now growing at 91% year-on-year in the USA (ISO survey), which is significantly higher than the global growth rate of 20%. With information security breaches now the …
It is a widely held belief that every organization’s website needs a corresponding privacy policy. However, this is not the case. Whether you need an online privacy policy depends on what your organization does, where it does it, and your contractual obligations. According …
When seeking to achieve certification to ISO 27001, organizations should avoid non-accredited certification bodies. Why? Non-accredited certification bodies typically offer a service that includes both consultancy and certification. No formally accredited certification body will offer this type of service, as …
