InfoSec Insider

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.

Listen on:

  • Apple Podcasts
  • YouTube
  • Podbean App
  • Spotify

Episodes

6 days ago

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, breaks down the Social Tenant Access to Information Requirements (STAIRs), an upcoming standard with which private registered providers (PRPs) of social housing (such as housing associations) will need to comply. Stuart leverages his 25+ years of specialisation in data protection law to discuss:

  • What STAIRs is and the issues it has been designed to address
  • The rights that STAIRs will provide to tenants living in private sector-run social housing, and the types of information requests it is likely to be used for
  • How STAIRs compares to the Freedom of Information Act (FOIA) and to the General Data Protection Regulation’s (GDPR’s) provisions on data subject access requests (DSARs)
  • What comes next for STAIRs.

Learn more about this topic: https://www.urmconsulting.com/blog/stairs-a-new-standard-for-social-housing-providers

If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Jan 16, 2025

In this episode of InfoSec Insider, Chris Heighes, Senior Consultant at URM, takes a deep dive into the Digital Operations Resilience Act (DORA), a new EU regulation for financial entities and their key suppliers to improve their digital operational resilience, which comes into force on 17 January 2025. Chris leverages his 30 years of IT experience and 15 years’ experience in information security to discuss:

  • What DORA is
  • Which entities are in scope of the Act
  • How DORA’s requirements differ from those of ISO 27001, the International Standard for Information Security Management Systems (ISMS)
  • The timelines for implementation of DORA and how it will be enforced.

Learn more about this topic: https://www.urmconsulting.com/blog/the-digital-operations-resilience-act-dora

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Jan 09, 2025

In this episode of InfoSec Insider, Alastair Stewart, Senior Consultant and Qualified Security Assessor (QSA) at URM, breaks down the changes to assessments in v4.0 of the Payment Card Industry Data Security Standard (PCI DSS), and how organisations can prepare for their v4 assessments. Alastair leverages more than a decade of experience with the PCI DSS to discuss:

  • The types of evidence the PCI DSS requires, whether there are any new evidence types in v4, and preparing evidence in advance of your assessment
  • How QSAs collected evidence when assessing previous versions of the PCI DSS and how this has changed in v4
  • How these changes will impact assessments against v4
  • His key advice for organisations undergoing PCI DSS v4 assessments
  • Changes to the self-assessment questionnaires (SAQs) for both merchants and service providers, and whether any new SAQs have been added.

Learn more about this topic: https://www.urmconsulting.com/blog/preparing-for-a-pci-dss-v4-0-assessment

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Jan 02, 2025

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Data Protection Consultant at URM, breaks down a recent opinion issued by the EU Data Protection Board (EDPB) in response to questions from the Irish Data Protection Commission (DPC) on the compliant processing of personal data in the development and deployment stages of artificial intelligence (AI) models. Stuart draws upon his 25+ years of experience in data protection to discuss:

  • What the EDPB is and how the opinion it has recently issued came about
  • The EDPB’s response to the DPC’s questions, i.e.:
      • How and when an AI model can be considered ‘anonymous’ (not containing any personal data)
      • Demonstrating the appropriateness of legitimate interests as a lawful basis for processing personal data in AI models
      • The impact of unlawful personal data processing in the development phase on the subsequent deployment or operation of an AI model
  • The significance of the EDPB’s opinion for UK-based organisations in light of Brexit.

If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Mitigating Cyber Risks

Thursday Dec 19, 2024

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, breaks down the current state of cyber security in the modern business landscape and the common cyber security failings and challenges he sees organisations face, as well as offering key advice and guidance on what organisations can do to protect against these threats. George leverages his extensive experience assisting organisations to enhance their cyber security to discuss:

  • The current cyber security landscape and the common security pitfalls that are leading to an upward trend in cyber security incidents
  • How the cyber security landscape is likely to evolve in the future as a result of ongoing technological developments, such as in the field of artificial intelligence (AI)
  • How organisations can protect themselves against these threats and the benefits of certifying to the Cyber Essentials scheme to do so.

Learn more about this topic: https://www.urmconsulting.com/blog/mitigating-cyber-risks-why-cyber-essentials-matters-more-than-ever

If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Dec 12, 2024

In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, breaks down the common mistakes and challenges organisations come up against on both sides of their certification assessment, i.e., before the external assessment when the Information Security Management System (ISMS) is first being implemented, and after certification has been achieved and the ISMS is being maintained. Wayne leverages his 30+ years of experience in information security and risk management to discuss:

  • The mistakes he frequently sees organisations make when implementing ISO 27001 and preparing to certify
  • The common mistakes organisations make in maintaining their ISMS and ISO 27001 certification
  • New common pitfalls he has seen regarding organisations’ implementation of the 2022 version of the Standard
  • Challenges and mistakes that organisations from particular industries and sectors should look out for.

Learn more about this topic: https://www.urmconsulting.com/blog/common-pitfalls-identified-in-organisations-seeking-iso-27001-certification

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Who Needs a ROPA and Why?

Thursday Dec 05, 2024

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, explains records of processing activities (ROPAs), a key document that almost every organisation must create and maintain in order to comply with the General Data Protection Regulation (GDPR). Stuart leverages his 25+ years of specialisation in data protection law to discuss:

  • What a ROPA is and which organisations need to have one
  • The advantages of having a ROPA in place and how this can benefit your GDPR compliance efforts
  • Who within an organisation needs to create the ROPA
  • The challenges associated with producing a ROPA and how these can be overcome
  • Whether you should first produce a data flow map before embarking on the ROPA
  • The next steps after the ROPA has been built.

Learn more about this topic:
https://www.urmconsulting.com/blog/who-needs-a-ropa-and-why
https://www.urmconsulting.com/blog/how-to-create-a-record-of-processing-activities-ropa

If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

ISO 42001 and AI Perspectives

Thursday Nov 28, 2024

In this episode of InfoSec Insider, Neil Jones, Senior Consultant at URM, breaks down the purpose and structure of the recently released ISO 42001, the International Standard for Artificial Intelligence Management Systems (AIMS), as well as explaining the Standard’s use of AI ‘perspectives’. Neil leverages his 20+ years’ working with a range of risk and information security-related standards to discuss:

  • What ISO 42001 is intended for, and what it is not
  • How ISO 42001 is structured, and how it compares to other standards written in the ‘Harmonised Structure’
  • What an AIMS is
  • How you can establish the ‘trustworthiness’ of an AI system and how this concept is articulated through ‘AI perspectives’ in ISO 42001.

Learn more about this topic: https://www.urmconsulting.com/blog/iso-42001-and-ai-perspectives

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Nov 21, 2024

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, explores the challenges of maintaining data protection compliance whilst conducting workplace monitoring, particularly in light of the workforce’s ever-increasing mobility, and how these challenges can be overcome. Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:

  • The definition of workplace monitoring and recent advances in monitoring technology
  • How to establish whether workplace monitoring complies with data protection legislation, such as the General Data Protection Regulation (GDPR)
  • The need to demonstrate fairness and transparency
  • Objections employees are entitled to make under the GDPR
  • Whether covert monitoring and automated decision making can be compliant
  • Balancing compliance and ethics when carrying out workplace monitoring.

Learn more about this topic: https://www.urmconsulting.com/blog/data-protection-considerations-for-monitoring-employees

If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

What is the CIA Security Triad?

Thursday Nov 14, 2024

In this episode of InfoSec Insider, Les Krause-Whiteing, Senior Consultant at URM, breaks down the concepts of confidentiality, integrity and availability (CIA), the 3 fundamental principles on which strong information security is built, and why they are so important to effective and comprehensive information security management. Les draws upon his extensive experience helping organisations enhance their information security to discuss:

  • What the CIA security triad is
  • How the principles of CIA tie into ISO 27001, and how they can help you meet the requirements of the Standard
  • Real-world examples of CIA not being maintained and the subsequent consequences
  • How to maintain the CIA of your organisation’s information.

Learn more about this topic: https://www.urmconsulting.com/blog/what-is-the-cia-security-triad-confidentiality-integrity-and-availability-explained

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Copyright 2024 URM Consulting. All rights reserved.
