InfoSec & Cyber Security

There can be little doubt that securing and protecting information is an essential requirement for organisations, irrespective of their market sector or size. The challenge for many organisations, however, is implementing and maintaining a level of information security that is appropriate to them.

This can be achieved by adopting an approach to information security management that is based on continuous improvement and regular review – a management system. It is important to note that no two information security management systems (ISMSs) will be the same, due to organisational differences in the actual and perceived values of information, business goals, risk appetites, demands by customers/regulators etc.

Your ISMS should be tailored to and reflect your organisation, how you work and the terminology you use, and be part of business as usual. We, at URM, are cognisant of these requirements and are dedicated to assisting you to identify, achieve and maintain your desired levels of information security.

How Do We Achieve This?

  • Understanding your business goals/objectives

    Our first goal is to understand what your organisation’s mission is, what your business objectives are and where information security fits into these. It is important to assess what the impact would be on your organisation if you suffered a loss of confidentiality, integrity or availability of your key information, and to understand what your risk appetite is.

    Our approach is based on ensuring that information security is totally embedded and integrated into the day-to-day management of your business and is not some stand-alone function.

  • Adopting a Risk-Based Approach

    This is the area where we believe we can add the greatest value to an organisation. Since 2002, we have been developing and honing our risk assessment methodologies and software tools to enable you to identify, in a scientific but practical and pragmatic manner, where your greatest information-related risks are.

    By adopting such an approach, you will be able to save time and money by prioritising and implementing controls (technical, people, policy and process-related) which are appropriate and relevant to you and that bring the greatest benefit.

  • Specialists in ISO 27001, PCI DSS and Data Protection

    Having been involved in implementing ISO 27001, the International Standard for Information Security, since its inception, we believe we have unrivalled insights into the Standard’s requirements and how best to satisfy them.

    Our own ISMS has been certified to this Standard since 2008. We strongly believe that with its risk-based approach and emphasis on continuous improvement, ISO 27001 provides an ideal and pragmatic information security framework for any organisation and the perfect internal and external demonstration that you take information security seriously.

    Assisting organisations to comply and certify to this Standard is undoubtedly one of our distinctive competences, and we have a track record of over 300 successful projects. We can offer you a service which matches your skills, resource availability, budget, timescales and aspirations.

    This includes full lifecycle services or assistance with specific aspects such as identifying and valuing assets, conducting risk assessments, developing policies and processes, conducting audits and developing and delivering security awareness programmes.

Cyber Security Consultancy

Cyber Essentials

Cyber Essentials is a simple yet effective Government scheme that is aimed at helping protect organisations from a range of the most common Internet-based threats. The Cyber Essentials scheme specifies 5 basic control areas that all organisations must address in order to achieve certification.

There are two levels of certification with the scheme, namely Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials requires your organisation to complete an online self-assessment questionnaire which is then assessed and verified by a certification body such as URM.

Cyber Essentials Plus focuses on the same controls, but involves a more robust and independent examination of your IT infrastructure, again by a certification body such as URM. Whilst acting predominantly as a certification body, URM also has an independent team of consultants who can help you understand the requirements of Cyber Essentials and how to address them.

  • Formalisation and documentation of key working practices
  • Improved information security incident management
  • Better Information classification
  • Strengthening of physical security
  • Raising awareness of likelihood and impact of threats
Phishing Exercise

A growing cyber risk for all organisations is phishing, where fraudsters attempt to access valuable information such as usernames, passwords and account information by masquerading as a reputable entity or person in an email or another communication medium. Phishing can also involve sending malicious attachments or website links in order to infect computers or mobile devices. In order to combat the threat of phishing, organisations need to adopt technical solutions backed up by comprehensive staff awareness campaigns designed to increase the likelihood of users spotting a phishing attempt and raising a security incident, enabling the organisation to respond accordingly.

In order to assist organisations in assessing their users’ awareness of and vigilance to phishing attempts, and their handling of incoming third-party emails, URM has developed an effective methodology aimed at determining and measuring an organisation’s level of exposure. Working closely with sponsors from the client organisation, we develop micro websites and a campaign of orchestrated emails aimed at inducing users to open the email, click on a link and provide sensitive information, e.g. passwords. This involves creating initial emails and micro websites that look like the intended email/website, and then responding to and evolving the campaign as users begin to interact with the emails.

Naturally, the potential impact to the organisation of clicking on unknown links and providing confidential information could be extremely damaging. At the end of the exercise, through the use of our tracking software, we are able to report back on the number of users who potentially exposed the organisation to the risk of a data breach or to malicious software. Once completed, the results of the exercise can then form a very powerful component of any staff awareness programme. By referring to the actions of personnel from the actual organisation, cyber risk is no longer an abstract term but something users can practically relate to.

“Cyber Essentials Plus was a great exercise for the business to go through, as some gaps were found and URM provided valuable information on remediation.”