InfoSec Insider
The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.
Episodes

5 hours ago
In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, share their perspective on how organisations can most effectively and efficiently prepare for a Payment Card Industry Data Security Standard (PCI DSS) assessment. Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss:
Practical steps teams can take to ensure the assessment runs smoothly overall
What you should have ready before your PCI DSS assessment is even booked and how to determine if your scope definition is clear enough
What useable evidence looks like from a practical perspective, and whether to provide everything up front or respond as questions are asked
When self-assessment questionnaires (SAQs) vs. full assessed engagements are needed, and what to keep from an SAQ in case a full engagement is required in the future
What to do differently if this year’s assessment follows significant amounts of change
And more.
Ask Alastair and Tibor a question: https://urmconsulting.com/podcasts/preparing-for-a-pci-dss-assessment
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Connect with us on LinkedIn
Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Feb 19, 2026
In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, Data Protection Consultants at URM, explore the challenges of workplace privacy and data protection compliance in a hybrid business landscape, and how these challenges can be overcome. Rachael and Aimee leverage over 20 years’ combined experience in data protection to discuss:
Why employee data is becoming such a significant risk for businesses
The legal and ethical boundaries when monitoring employees
Why operational challenges make employee data subject access requests (DSARs) and monitoring so difficult
Practical steps that small and medium-sized enterprises (SMEs) can take to monitor lawfully and reduce risk
How future trends like artificial intelligence (AI) and global rules change workplace privacy.
Ask Rachael and Aimee a question: https://urmconsulting.com/podcasts/workplace-privacy-in-a-hybrid-world-monitoring-dsars-and-building-trust
URM’s blog on data protection considerations for monitoring employees: https://www.urmconsulting.com/blog/data-protection-considerations-for-monitoring-employees

Thursday Feb 12, 2026
In this episode of InfoSec Insider – Talk Cyber, Jack Woods and George Ryan, both Consultants at URM, outline the steps organisations can take to ensure they are prepared in the event of a cyber breach and able to minimise the impact of a breach as much as possible. George and Jack leverage their extensive experience helping organisations strengthen their cyber and information security posture to discuss:
The importance of approaching cyber security breaches as a question of ‘when’ not ‘if’, and how to ensure your organisation is appropriately resilient
The documentation and procedures organisations should have in place, such as business continuity, disaster recovery, and communication plans, and how to test these plans’ effectiveness through exercising
When disconnecting your organisation’s environment, i.e., ‘pulling the plug’, is an appropriate response to an attack
Technical measures all organisations should have in place to mitigate the impact of a breach, such as segregation, backups, etc.
Ask Jack and George a question: https://www.urmconsulting.com/podcasts/minimising-the-impact-if-a-breach-occurs
Learn more about this topic: https://www.urmconsulting.com/blog/minimising-the-impact-when-a-breach-occurs

Thursday Feb 05, 2026
In this episode of InfoSec Insider, Mark O’Kane, Consultant at URM, explores the National Institute of Standards and Technology Cybersecurity Framework’s (NIST CSF’s) newly introduced Govern Function, outlining its purpose and significance within version 2.0 of the Framework. Mark examines each of its six Categories in detail, from defining organisational context and risk management strategy to establishing oversight and supply chain risk management, and explains the policies, processes and activities you will need to implement and conduct for conformance with each Category.

Thursday Jan 29, 2026
In this episode of InfoSec Insider – Talk DP, Aimee Brown and Rachael Salter, both Data Protection Consultants at URM, share their insights on the principle of data protection (DP) by design and by default, particularly as it relates to small and medium-sized enterprises (SMEs). Rachael and Aimee leverage over 20 years’ combined experience in data protection to discuss:
What ‘data protection by design and by default’ means under the UK General Data Protection Regulation (GDPR)
Why this approach is so important for SMEs
How SMEs can practically implement DP by design and default
The common pitfalls SMEs face when applying this principle
The emerging and future trends that make DP by design and default even more critical.
Ask Rachael and Aimee a question: https://urmconsulting.com/podcasts/data-protection-by-design-and-by-default
URM’s blog on data protection impact assessments (DPIAs): https://www.urmconsulting.com/blog/when-and-how-to-conduct-a-data-protection-impact-assessment-dpia

Thursday Jan 22, 2026
In this episode of InfoSec Insider – Talk Cyber, Jack Woods and George Ryan, both Consultants at URM, explain the steps organisations can take to reduce the likelihood of suffering a security breach. George and Jack leverage their extensive experience helping organisations strengthen their cyber and information security posture to discuss:
What constitutes a security breach and how they are commonly caused
Where to start in strengthening your organisation’s defences and the key measures you should have in place across people, process, technology and supply chain
The importance of preparing for an attack, should one occur, and reducing the impact of a breach.
Ask Jack and George a question: https://www.urmconsulting.com/blog/reducing-the-likelihood-of-a-security-breach
Learn more about this topic: https://www.urmconsulting.com/blog/strengthening-your-cyber-defences-practical-steps-for-every-business

Thursday Jan 15, 2026
In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, breaks down the Defence Cyber Certification (DCC), a new certification framework developed by the Ministry of Defence (MoD) and IASME for UK defence suppliers. George draws upon his extensive experience helping organisations strengthen their cyber security to discuss:
What the DCC is and who it’s for
The four levels of compliance in the DCC, what they mean and how they work
How the DCC can benefit organisations in the defence sector
The steps involved in achieving the DCC.
Learn more about this topic: https://www.urmconsulting.com/blog/understanding-the-defence-cyber-certification-dcc

Wednesday Jan 14, 2026
In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, explores the considerations organisations should make to maintain data protection (DP) compliance in their development and deployment of artificial intelligence (AI) systems. Martin leverages his 20+ years’ specialisation in DP and information management to discuss:
What AI is
The current AI regulatory framework and how it’s evolving
How the 7 core principles of the General Data Protection Regulation (GDPR) apply and relate to AI
How to comply with rules around automated decision making and meet data subject rights obligations in your development or use of AI
Additional DP factors to consider, such as continuous improvement, appropriate risk mitigations, and using established methods to assess and record decisions.
Learn more about this topic: https://www.urmconsulting.com/blog/data-protection-considerations-for-artificial-intelligence-ai

Thursday Dec 18, 2025
In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, explore the theory versus the reality of compliance with the Payment Card Industry Data Security Standard (PCI DSS). Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss:
Whether it would be cheaper to simply pay the fines instead of being PCI DSS compliant
How often they see organisations treat PCI as a one-time project versus an ongoing programme
The possibility of still suffering a breach while being fully compliant, and whether this has happened in the past
The PCI requirements organisations struggle with most in practice
How smaller merchants can cope with PCI requirements that were designed with larger organisations in mind
The areas where PCI DSS lags behind current security threats
And more.
Ask Alastair and Tibor a question: https://www.urmconsulting.com/podcasts/pci-dss-standards-vs-reality

Thursday Dec 11, 2025
In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Consultant at URM, breaks down the Upper Tribunal’s recent decision to uphold the ICO’s appeal in the Clearview AI case, sharing his insights on the meaning and impact of this development. Stuart draws upon over 25 years of specialisation in data protection law to discuss:
The Clearview AI case and how it has developed since the ICO’s 2022 decision to impose a £7.5m fine on Clearview
The Upper Tribunal’s ruling and how it has clarified the territorial scope of the GDPR, as well as the limits of the Regulation’s Article 2 exemption for law enforcement
Why the enforcement limitations of the GDPR mean this ruling may not be as significant a win for the ICO as it initially seems
A potential legal challenge to Clearview from well-known data protection activist Max Schrems, potentially signalling hope on the horizon for this case.
Learn more about this topic: https://www.urmconsulting.com/blog/icos-appeal-in-clearview-ai-case-upheld



