Articles / Blogs

September 20, 2018

GDPR Non-Compliance Challenges and Solutions

Penalties for non-compliance are business-threatening enough for organizations to treat the regulation as more than an administrative exercise. But the long-term damage to brand and reputation may be even more significant.

September 7, 2018

The GDPR is a Threat to Your Organization

The EU GDPR, enforceable for 3.5 months, hasn't made too many headlines regarding the fines levied for non-compliance. Hopefully by now your organization is ready with the basics and has been moving forward with raising awareness and understanding of behaviors and processes for everyone in the organization.

July 26, 2018

RM Studio v5.5 Release-GDPR Data Flow Mapping

Most organizations have been slow to identify and map the data flows within the organization, because it is a labor-intensive task. Those organizations that have already mapped data flows, but are using spreadsheets to manage the task, will definitely appreciate the visual editor. C-level and D-level management,

July 26, 2018

EU GDPR – Are You Ready?

The General Data Protection Regulation (GDPR) rolled out in Europe on 25 May 2018. Enforcement of the regulation is aimed at ensuring that companies within the 28 EU economies rigorously follow international best practices of data security management while handling the personal data of EU citizens, through changes in consumer privacy protection.

May 8, 2018

Information Security vs. Cybersecurity

Information security vs. cybersecurity risk management is confusing many business leaders today. More and more, the terms information security and cybersecurity are used interchangeably. The media and recently elected government officials are 'dumbing down' the world of digital security, specifically the protection of

March 9, 2018

Implementing ISMS Controls Is Only First Step

The risk management strategy requires the implementation of the recommended security controls in Annex A, but that is only the first step. Next, the implemented controls should be assessed on the maturity and effectiveness of their implementation to determine whether the work is actually meeting expectations.

February 26, 2018

Access Control: Moving Beyond Compliance

Threats to access control are inevitable because humans control the technological business environment, which creates constant threats, deliberate or accidental, to confidential information. Creating a strategy to prevent access control threats is a foundational element of an ISMS.

February 15, 2018

RM Studio v5.4 Release

RM Studio v5.4 is released with Hierarchical Business Entities, which can have assets assigned individually and shared among the business entities. Risks can be associated with the assets uniquely under each business entity, allowing for different risk mitigation strategies per business entity.

February 5, 2018

GDPR for Personal Data Protection

The GDPR aims to better protect data subjects against personal information abuse by reducing the collection, storage, and distribution of such data. Company and institution managers, and potentially new Data Protection Officers (DPO), who work with or have access to personal data need to refocus their data protection strategies.

January 18, 2018

Best Practice ISO 27001 Required Documentation

ISO/IEC 27001 implementation best practices are provided through strict implementation guidelines that have been accumulated and evolved over more than a decade. The benefits of regularly maintaining the ISMS implementation through audits and corrective actions are highly attractive.

November 11, 2017

Most common IT Risks threatening SMEs

Small and medium-sized enterprises, often referred to as SMEs, make up the majority of the workforce in Iceland. Icelandic SME owners and employees are well aware of the need to be resourceful when dealing with a challenging environment. Today SMEs around the world are affected more and more by the rapid changes in the IT environment and IT security awareness, as the volume and significance of digital data continue to increase. Although the headlines often focus on data theft, hacking of sensitive

October 27, 2017

RM Studio v5.3 – GDPR + ISO27001

RM Studio is now ready to support your GDPR compliance obligations through the Integrated Risk Management Framework and the implementation of ISO 27001, giving you a head start before the GDPR goes into force on 25 May 2018.

September 3, 2017

Vendor risk assessment for ISO 27001

All-pervading Information Technology (IT) has brought unfathomable changes to global business today. While IT capabilities have grown exponentially, with newer business technologies introduced nearly every quarter, if not every month, IT has also enabled the successful exploration of fresh avenues in business operations, from everyday activities to trend forecasting and from compliance to customer service. The IT road to success has hardly been paved smooth.

July 19, 2017

RM Studio v5.2 Release

RM Studio v5.2 new features include a control-to-control and control-to-regulation mapping tool that reduces duplicated work through an implementation report, improved risk treatment calculations, and an update of ISO 27001:2013 to the 2015 corrections.

July 7, 2017

Strategy for ISO 27001 Certification-Phase 4-BCM

After completing the previous phases towards ISO 27001 Certification, the final step in the process is the implementation of a Business Continuity Management plan. Business Continuity Management (BCM) is a holistic management process of identifying potential threats to a business entity (based on the Risk Assessment), the impact those threats pose to operations, and the steps needed to recover business operations after a disruption. BCM provides a framework for building organizational resilience

June 18, 2017

Strategy for ISO 27001 Certification-Phase 3

The ISO/IEC 27001:2013 Standard introduces a process approach for integrating structures that strengthen an organization's ISMS, reducing the risks to its information assets. This approach covers the adoption and implementation of systems of processes within your organization, with identification and interaction of the processes, and their management.

The third phase of our Strategy for ISO 27001 Certification is the implementation,

May 17, 2017

Strategy for ISO 27001 Certification-Phase 2

Risk Assessment and Treatment:

Organizational information, whether customer data, credit card information, intellectual property, or other forms, is considered a vital asset. The confidentiality, integrity, and availability of information allow organizations to sustain a competitive advantage, cost-effectiveness, a steady cash flow, profitability, legal compliance and a positive reputation.

April 10, 2017

Strategy for ISO 27001 Certification

Your organization has decided, or more likely has become obligated, to certify your ISMS to the ISO/IEC 27001:2013 Standard in order to comply with or satisfy a regulation in your industry. Without the certification your organization will start to lose business opportunities.

First you need to understand what ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems is, and then what you need to accomplish

September 29, 2016

2016 Information Security Spending $81.6 Billion

Spending to combat the sinister characters threatening our information security increases more than expected each year. On the other hand, the expectation seems to be that what a lack of robust resolve and a visible absence of diligent preventive efforts have failed to achieve will be duly covered by incremental budget increases. While information security for states has 'gone fishin,' software companies providing accounting,

June 12, 2016

Lessons on Managing Reputation Risk post Dieselgate

“Reputation is an idle and most false imposition, oft got without merit and lost without deserving. You have lost no reputation at all unless you repute yourself such a loser,” says Iago as he endeavors to make Cassio forget his sense of shame in Othello. Shakespeare's antagonist, driven by his infamous “motiveless malignity,” knew this was not true, as the manipulator himself used his reputation as “honest Iago” to bring about the downfall of Othello. Business organizations must accept

May 8, 2016

Hacker with a conscience or whistleblower?

Mossack Fonseca (MossFon) and the Panama Papers information security leak is the largest amount of data stolen from a single company in history. The story has made the German newspaper Süddeutsche Zeitung (SZ) a celebrity of investigative journalism, but don't underestimate the extraordinary amount of work SZ and the International Consortium of Investigative Journalists put in to properly disclose the revealing information.

Was it a sophisticated hacker or was it an inside job?

April 12, 2016

The Pirates are invading the Vikings

By now you have heard of the Panama Papers and Mossack Fonseca. A massive data breach, distributed through the media and exposing the financial dealings through offshore accounts of many world leaders, politicians, celebrities and alleged nefarious individuals, flooded the headlines last week. The first public figure casualty of the largest data breach in history was the Icelandic Prime Minister, Sigmundur Davíð Gunnlaugsson. After the revelations from the more than 11 million documents were distributed

January 17, 2016

Instituting efficient insider threat prevention in aviation

Risk management disasters continue to capture the limelight, with the latest one involving massive civilian casualties. Growing evidence from US and British intelligence indicates that terrorists successfully planted a bomb in cargo, downing the Russia-bound flight in Egypt's Sinai peninsula on October 31 and killing all 224 people on board. While it is true that it is no easy task to “hermetically seal” any country's border against these kinds of attacks, it is equally true

December 21, 2015

Avoid Being a Target this Holiday Season

The concerns surrounding information security for credit cards are not limited to a particular season, but they acquire added prominence during the holiday shopping season. While retailers look to gain an optimum increase in sales through their online and in-store channels, the gift-giving spree combined with year-end buoyancy drives consumers to buy more. Hackers too wait for this season and look to gather credit card information by breaching any defense. In addition, poor information and data security

November 3, 2015

Information Security Access Control – Sweat the small things

As businesses endeavor to explore new horizons of possibility, riding the unprecedented growth in information and communication technologies, data security concerns are at the forefront of conversations, thankfully now involving even the board of directors. However, the recent history of information security is replete with organizations' unsuccessful efforts to protect valuable data. Institutions across every industry are exhibiting fragile, even futile, risk management approaches.

October 28, 2015

Security spending increasing to $75.4bn for 2015

A reported boost in global information security spending during the ongoing year should be something to cheer about if you work in the risk management discipline. However, as cyber attacks are increasingly seen as inevitable, any such good news fails to provide a lasting sense of happiness, let alone a sense of security that consumer data is going to be well protected from here on.

October 5, 2015

Lean Thinking for ISMS and ISO 27001:13

We have now crossed the threshold of one year since the release of the 2013 revision of ISO/IEC 27001, the internationally recognized standard for information security management systems (ISMS) in enterprises of all industries and sizes. Since this was a revision of the previously released ISO/IEC 27001:2005 Standard, enterprises had a grace period for re-certification or certification to the newly released standard. As of October 2015 the 2005 version is no longer valid.