2021 Cybersecurity and Information Resilience Blog

The reality is probably a lot worse. “You don’t know what you don’t know”. Both in the fact that some organizations don’t have the right systems and procedures in place to identify information security breaches, and, for a lot of bad actors, being successful means not being found out. 

Read blog

So, why is ISO/IEC 27001, the Information Security Management System (ISMS), so relevant to organizations?

It is more accurate to think of an ISMS as a business enabler- not just an IT issue. If we get it right, it’s going to help organizations to not just survive but actually prosper in the long term.

With the advent of GDPR, came a real need to take 27001 and provide greater assurance to the organization, to our customers, to our clients that we have got the necessary controls in place. Not just to manage information in general, but specifically to look at and to concentrate on  personal identifiable information that we’re either going to have to process or control.

To facilitate this additional assurance that organizations felt that they needed, ISO/IEC 27701 was created. So, what is it?

Read blog

John Hetherton, Global Practice Lead - PCI DSS

With more information on the PCI DSS v4.0 update gradually coming to light, it appears that the long-awaited update is getting further away not closer. This means that organizations will have a generous timeframe during which transition can occur.

So down to the question:

What do we know, and what can we say for certain about PCI DSS Version 4?

With the phrases of the year “You’re on mute!” combined with “Can you still hear me?” still fresh in our headsets, organizational resilience has been tested as much as our own sense of humour in the face of adversity. The question moving onwards to 2021 & beyond may well be, should we stay with remote consultancy or return to face to face?  Greig Ferguson, Consultant, Cyber Risk and Advisory demonstrate the pro and cons of both.

Read more