InfoSec Insider

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.

Listen on:

  • Apple Podcasts
  • YouTube
  • Podbean App
  • Spotify

Episodes

4 days ago

In this episode of InfoSec Insider, Mark O’Kane, Consultant at URM, offers his insights into the legal, regulatory and contractual-related controls (A.5.31-37) from Annex A of ISO 27001:2022 and how they can be effectively implemented by organisations.  Mark draws upon his extensive experience assisting organisations to certify against the Standard to discuss:
  • The requirements of the legal, regulatory and contractual controls and how they fit into the overall aim of the ‘Organisational’ control theme
  • How the legal controls help to prevent breaches of legal, statutory, regulatory or contractual obligations related to information security
  • How to put controls A.5.31-37 into practice.
Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-a-5-organisational-controls-legal-regulatory-and-contractual
 
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
 
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   
 
Brought to you by URM, the UK’s leading information and cyber security specialists.    

Thursday Jul 03, 2025

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, explores the Lexcel Practice Management Standard (Lexcel), the Specialist Quality Mark (SQM) and their relationship with the Cyber Essentials scheme.  George leverages his extensive experience assisting organisations to enhance their cyber security to discuss: 
  • What Lexcel and the SQM are, and why they are needed
  • How these standards relate to cyber security
  • How Cyber Essentials ties in with these standards, and how certification to the scheme can benefit law firms’ Lexcel/SQM compliance efforts
  • How law firms can strengthen their security further having achieved Cyber Essentials.
Learn more about this topic: https://www.urmconsulting.com/blog/understanding-lexcel-and-the-specialist-quality-mark-sqm-how-cyber-essentials-can-benefit-your-practice
 
If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
 
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   
 
Brought to you by URM, the UK’s leading information and cyber security specialists.    

Thursday Jun 26, 2025

In this episode of InfoSec Insider, Mark O’Kane, Consultant at URM, offers his insights into the information security management controls within Annex A of ISO 27001, which comprise the first eight controls of Annex A’s ‘Organisational’ control theme.  Mark leverages his extensive experience supporting ISO 27001 implementations to discuss:
  • What the organisational controls are, and how the first eight fit into the overall aim of the ‘Organisational’ control theme
  • The role of management and senior leadership in relation to information security, and how leadership is linked to the creation of information security policies
  • The importance of segregation of duties and clearly defined roles and responsibilities in addressing information security risk
  • How maintaining contact with authorities, special interest groups, and threat intelligence sources can help you address both security risks that may materialise and security incidents that have occurred
  • Common challenges and mistakes associated with implementing these controls, and how they can be overcome.
Learn more about this topic:  https://www.urmconsulting.com/blog/iso-27001-2022-a-5-organisational-controls-information-security-management
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider  
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
 
Brought to you by URM, the UK’s leading information and cyber security specialists.  

Thursday Jun 19, 2025

In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, provides his insights on the 4 controls that relate to access management in the ‘Organisational’ control theme of ISO 27001’s Annex A. Wayne leverages his 30+ years of experience in information security to discuss:
  • The requirements of each of the following 4 controls and how your organisation can go about meeting them:
    • A.5.15 – Access control
    • A.5.16 – Identity management
    • A.5.17 – Authentication information
    • A.5.18 – Access rights.
Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-a-5-organisational-controls-access-management 
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider     
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists. 

Thursday Jun 12, 2025

In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, breaks down the 5 supplier management-related controls in the ‘Organisational’ control theme of ISO 27001’s Annex A. Wayne draws upon 30+ years of experience in information security to discuss:
  • Why your organisation should consider supplier management as part of information security
  • What each of the following 5 controls cover and how to implement them:
    • A.5.19 – Information security in supplier relationships
    • A.5.20 – Addressing information security within supplier agreements
    • A.5.21 – Managing information security in the ICT supply chain
    • A.5.22 – Monitoring, review and change management of supplier services
    • A.5.23 – Information security for use of cloud services.
Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-a-5-organisational-controls-supplier-management 
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists. 

Thursday Jun 05, 2025

In this episode of InfoSec Insider, Jack Woods, Consultant at URM, explores information risk assessment and risk treatment in the context of ISO 27001, the International Standard for Information Security Management Systems (ISMSs). Jack leverages his extensive experience assisting organisations to implement an ISMS and certify to the Standard to discuss:
  • The purpose of a risk assessment
  • How risk fits into ISO 27001 and its requirements
  • How to conduct an information security risk assessment
  • The actions you can take to treat the risks you identify.
Learn more about this topic:  https://www.urmconsulting.com/blog/information-risk-assessment-and-treatment-in-iso-27001
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday May 29, 2025

In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, provides his insights on the 34 technological controls in Annex A of ISO 27001 and how these can be implemented by organisations looking to conform or certify to the Standard.  Wayne leverages his 30+ years of experience in information security and risk management to discuss:
  • What the technological controls in ISO 27001 are designed to achieve
  • How you can go about selecting the most appropriate technological controls for your organisation
  • How the guidance contained in ISO 27002, the supplementary standard to ISO 27001, can help your organisation meet the Standard’s requirements in relation to technological controls
  • The constraints that may prevent your organisation from implementing certain controls, and how these can be overcome
  • The importance of balancing security and operational effectiveness and efficiency.
Learn more about this topic:  https://www.urmconsulting.com/blog/implementing-technological-controls-in-iso-27001
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists.  

Thursday May 22, 2025

In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, breaks down the ‘Physical’ control theme from Annex A of ISO 27001, which is a set of security measures aimed at protecting an organisation’s physical assets and environment, such as its buildings, equipment, and paper copies of documents. Wayne leverages his 30+ years of experience in information security to discuss:
  • Why the physical security controls are important and what physical controls are recommended by ISO 27001
  • Whether you still need to consider physical security when all your data is stored in and accessible from the cloud
  • The benefits of controls such as access cards and visible IDs for staff accessing business premises
  • The relevance of physical controls for remote workers
  • How to overcome the common pitfalls associated with operating and managing physical security controls.
Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-annex-a-physical-controls
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.   

Thursday May 15, 2025

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, breaks down the General Data Protection Regulation’s (GDPR’s) requirements for organisations that need to share personal data with the police in order to report a crime, or following a request for data to assist with an investigation.  Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:  
  • The legislative framework governing police access to personal data, including Part 3 of the Data Protection Act 2018
  • The lawful bases under the UK GDPR for sharing personal data with the police, and when each may apply
  • Considerations for compliance with the purpose limitation and data minimisation principles when providing the police with personal data
  • What to consider when sharing special category and criminal offence data with the police, including applicable conditions under the DPA 2018
  • Whether individuals need to be informed of any data sharing
  • Practical guidance on how to ensure any data shared is lawful, proportionate, and compliant with the data protection principles.
Learn more about this topic: https://www.urmconsulting.com/blog/sharing-personal-data-with-the-police 
If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.  

ISO 27001 Audits

Thursday May 08, 2025

In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, explains the steps organisations can take to effectively plan, conduct, and action an ISO 27001 internal audit.  Wayne draws upon 30+ years of experience in the information security and risk management field to discuss:
  • The key things to remember when planning your audit programme and when planning specific audits
  • His tips for auditors when they are conducting audits
  • The key considerations when reporting on audit results
  • When you may need to follow up on audit findings and when you can consider an audit closed.
Learn more about this topic: https://youtu.be/5nFz8nhIZdE
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.    
 

Copyright 2024 URM Consulting. All rights reserved.
