Risk Management Archive
How networks have evolved and how to secure them
Adam Seamons is the information security manager of GRC International Group PLC, after more than 15 years’ experience working as a systems engineer and in technical support. Adam also holds CISSP …
DORA’s supply chain security requirements
IT Governance’s research for November 2023 found that 48% of the month’s incidents originated from the supply chain (i.e. were third-party attacks). For Europe, this number rises to 61%. Admittedly, it only takes a comparatively …
Please note new versions of ISO 27001 and ISO 27002 have now been published. To learn more about what these updates mean for your organisation, and to buy your copies of ISO 27001:2022 and ISO 27002:2022, please visit our information …
Any organisation that’s required to comply with the GDPR (General Data Protection Regulation) must conduct regular risk assessments. This isn’t just because the Regulation says so. Risk assessments are essential for effective cyber security, helping organisations address problems that, if left unchecked, …
If you’re familiar with ISO 27001, you’ll know that it’s the international standard for information security and contains the certification requirements that are expanded upon throughout the ISO 27000 series. There are 46 standards in total in the series (although …
To comply with ISO 27001, the international standard for information security, you need to know how to perform a risk assessment. This process is at the core of your compliance measures, as it helps you identify the threats you face …
The ISO 27001 implementation and review processes revolve around risk assessments. This is where organisations identify the threats to their information security and outline which of the Standard’s controls they must implement. The process begins by defining a methodology, i.e. …
Gap analyses and risk assessments are two of the most important processes organisations must complete when implementing ISO 27001 or reviewing their compliance status. There are a lot of similarities between the two, which often causes organisations to confuse them …
According to the Cyber Security Breaches Survey 2018, almost half of UK businesses experienced a cyber security breach or attack in the past 12 months. It’s imperative that all organisations conduct risk assessments when preparing and maintaining their cyber security …
Data breaches and cyber attacks are regularly in the headlines, so it will come as no surprise that all organisations are vulnerable to attack. Falling victim can result in financial loss, regulatory penalties, business disruption and reputational damage. The majority …