URM Risk specialists providing high quality, cost-effective and tailored consultancy and training in the areas of information security and business continuity.

23/08/2024

Suppliers pose a considerable risk to the information security posture of your organisation. If you engage with suppliers that have access to your systems and sensitive information, even the most robust and comprehensive internal security controls can be rendered useless if that supplier suffers a security breach. As such, conducting effective supplier risk management is of vital importance to maintaining the security of your organisation’s sensitive information; however, this can be a complex and difficult task without guidance.

Read URM’s blog, in which we provide a stage-by-stage breakdown of the fundamental steps you will need to take to conduct effective supplier information security risk management, offering practical, actionable guidance on how to ensure your efforts to keep your organisation’s sensitive information secure aren’t blighted by its supply chain:

URM’s blog provides a stage-by-stage breakdown of the key steps you will need to take to conduct effective supplier information security risk management.

22/08/2024

Cyber Essentials is a government-backed cyber security scheme, developed and managed by the National Cyber Security Centre (NCSC), which is aimed at providing certifying organisations with the fundamental cyber security protection necessary to safeguard themselves against the most-common forms of cyber attack. By implementing the five technical controls required for certification to Cyber Essentials, organisations can take an important step forward in enhancing the security of their internet-facing devices and systems.
Read URM’s blog on our educational website, informationsecuritymanagement.com, where we provide an introduction to Cyber Essentials and discuss how it can help you strengthen your organisation’s online cyber security.
Read more:

https://informationsecuritymanagement.co.uk/an-introduction-to-cyber-essentials-and-cyber-essentials-plus/

22/08/2024

ISO 9001 – Quality management system requirements, is the world’s most well-recognised and widely-adopted standard for quality management, with an estimated 1 million organisations certified against the Standard globally. Whilst implementing and (where appropriate) achieving certification to ISO 9001 should come with substantial benefits, it is, unfortunately, not uncommon for organisations to fail to make the most of their investment into developing and certifying a quality management system (QMS).

Read URM’s blog, where we outline the 5 golden rules to follow when implementing and maintaining an ISO 9001-aligned QMS, in order to ensure that your efforts to conform to the Standard provide you with as much benefit as possible:

https://www.urmconsulting.com/blog/5-golden-rules-for-implementing-iso-9001

21/08/2024

The Cyber Essentials (CE) scheme defines simple security controls which organisations of almost all sizes and maturity levels should be able to implement in order to protect themselves against the most common cyber threats. However, if your organisation has not previously certified to CE, it can be tricky to meet the requirements of all 5 technical control areas and obtain certification.
Read URM’s blog, in which we draw from our extensive experience both as an accredited certification body for the scheme and as an Assured Service Provider under the NCSC’s Cyber Advisor scheme to provide 3 top tips to help you prepare for a successful CE certification assessment.

Read more here: https://www.urmconsulting.com/blog/3-top-tips-when-approaching-ce-certification

20/08/2024

SOC 2 (Service Organization Control 2) is an information security control framework aimed at providing third-party assurance of a service organisation’s ability to manage and safeguard sensitive customer data. The framework focuses on adhering to specific criteria (security, availability, processing integrity, confidentiality, and privacy) for key systems, and a SOC 2 assessment evaluates the effectiveness of your internal controls over a specific period. Due to SOC 2’s flexibility, you can tailor your controls to specific needs, making it particularly relevant for SaaS organisations, cloud providers, and data centres.

Attend URM’s webinar on 25 September at 11am, in which we will provide an introduction to SOC 2 and address the key questions about the Standard, including what it is, who does it apply to, how do you prepare for a SOC 2 audit, and more:

https://www.urmconsulting.com/event/soc-2-what-why-and-how

19/08/2024

Enrol in URM’s CISMP training course to gain comprehensive cybersecurity skills.
Master information security and advance your career.
URM’s BCS Certificate in Information Security Management Principles (CISMP) training course will provide you with the skills and knowledge to manage information and cyber security and address the ever-evolving threat landscape and changes in working practices.
What Will You Learn by Attending URM’s CISMP Course?
• Key concepts and terminology such as confidentiality, integrity, availability (CIA), risk management, along with the need for and benefits of information security.
• Relevant current legislation and regulations which impact upon information security management.
• Relevant national and international standards (e.g. ISO 27001) and frameworks which facilitate information security management.
• Implementing information security and risk management in your organisation.
• Categorisation, operation and effectiveness of controls of different types (e.g. physical, people, technical).
URM’s course will fully prepare you to take and pass the BCS administered, remote proctored, 2-hour exam. The exam consists of 100 multi-choice questions with the pass mark being set at 65.
Visit URM’s website to register: https://www.urmconsulting.com/training/cismp-training-course

19/08/2024

Over the previous several years, artificial intelligence (AI) systems have developed rapidly both in sophistication and in pervasiveness across the business landscape. An increasing number of organisations are looking to develop and deploy AI systems for a range of purposes and, as such, the European Parliament has deemed it necessary to introduce the EU AI Act, which aims both to promote the uptake of this new technology and to ensure the continued protection of health & safety, human rights, and the rule of law.
Read URM’s blog, in which we provide a comprehensive breakdown of this new legislation, including its scope, requirements, how it will be enforced, and how it is likely to impact the UK and the rest of the world. We will also explore the UK government’s current approach to AI regulation, and how this will evolve as the technology develops:

https://www.urmconsulting.com/blog/the-eu-artificial-intelligence-act

URM’s blog breaks down the EU AI Act and discusses its scope, requirements, how it will be enforced, how it may impact the UK & the rest of the world, and more.

16/08/2024

Penetration testing can be a hugely valuable exercise for organisations, but when it is conducted to meet internal or external requirements (e.g., in line with internal policy or the requirements of a standard), it is not uncommon for organisations to treat it as a box-ticking exercise and subsequently miss out on some of the many benefits it can provide. However, there are some quick and easy-to-implement steps that you can take during and after your pen testing to significantly increase the value you are able to extract.
Read URM’s blog, in which we outline these key steps you can take to ensure you get the most out of your pen tests, and are able to both meet any compliance requirements and actively improve your organisation’s security posture:

https://www.urmconsulting.com/blog/getting-the-most-from-your-pen-tests-during-and-afterwards

URM’s blog outlines the key steps you can take during and after a penetration test to improve your organisation’s security posture.

15/08/2024

The General Data Protection Regulation (GDPR) provides data subjects in the UK and EU with a right to access their personal data and, to exercise this right, they can make a data subject access request (DSAR) of any controller that processes their data. However, while ‘I want to see my data’ might sound like a very simple request, the regulatory caveats around what data you must and must not provide, and the timeframe in which you must provide it, mean that DSARs can be more complex than they initially seem.
Read URM’s blog on our educational website, informationsecuritymanagement.com, in which we explain how you can recognise a DSAR, who is responsible for managing them, how to respond to one, and more.

Read more:

https://informationsecuritymanagement.co.uk/an-introduction-to-data-subject-access-requests-dsars/

Address

Blake House, Manor Park, Manor Farm Road
Reading
RG20JH

Opening Hours

Monday 9am - 5:30pm
Tuesday 9am - 5:30pm
Wednesday 9am - 5:30pm
Thursday 9am - 5:30pm
Friday 9am - 5:30pm

Telephone

+441182065410
