InfoSec Insider

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.

Listen on:

  • Apple Podcasts
  • YouTube
  • Podbean App
  • Spotify

Episodes

Thursday Dec 04, 2025

In this episode of InfoSec Insider, Frazer Grudings, Senior Consultant at URM, shares his insights on Clause 5.1 of ISO 27001, which covers the leadership and commitment requirements for an information security management system (ISMS) that is conformant to the Standard.  Frazer draws upon over 15 years of information security experience to discuss:
The requirements of Clause 5.1 and what conformance to this Clause involves
Why leadership and commitment matter to an ISMS
What can go wrong when leadership and commitment are not demonstrated.
Learn more about this topic:  https://www.urmconsulting.com/blog/iso-27001-clause-5-1-leadership-and-commitment-explained
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here:    https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists.  

Thursday Nov 27, 2025

In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, offer their advice on the systems and controls that are often overlooked in relation to the Payment Card Industry Data Security Standard (PCI DSS).  Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss: 
Why the PCI DSS covers systems that don’t store card data, such as DNS servers or time servers
Why time synchronisation (NTP servers) is a PCI requirement
How card data can leak through system logs and how this can be avoided
Printers, custom error messages, IoT devices – why they’re in scope and how to maintain compliance.
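As an added illustration of the "card data leaking through system logs" point above (example code written for this page, not URM's tooling or anything from the episode): a small Python log scrubber that finds digit runs shaped like a primary account number (PAN), confirms them with the Luhn mod-10 check so that order numbers and timestamps are left alone, and masks the survivors to the first six and last four digits (the traditional 6/4 masking). The log lines are constructed for the example, and the two card numbers in them are standard test numbers, not real cards.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens,
# and not embedded in a longer digit run. (Example written for this page.)
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Return True if a digit string passes the Luhn mod-10 check used by all card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Keep the first six and last four digits (6/4 masking) and star out the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_line(line):
    """Mask every Luhn-valid PAN in one log line; return (scrubbed_line, number_masked)."""
    count = 0

    def replace(match):
        nonlocal count
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw          # an order id or timestamp that merely looks like a PAN
        count += 1
        return mask_pan(digits)

    return PAN_CANDIDATE.sub(replace, line), count


def scrub_log(lines):
    """Scrub a sequence of log lines; return (scrubbed_lines, total_pans_masked)."""
    scrubbed, total = [], 0
    for line in lines:
        new_line, n = scrub_line(line)
        scrubbed.append(new_line)
        total += n
    return scrubbed, total


# Constructed sample log lines (not real data): a 16-digit order id that fails Luhn,
# a test PAN logged by a debug statement, and a PAN typed with spaces by an agent.
SAMPLE_LOG = [
    "2025-11-27T10:01:02Z payment-api INFO order=1234567890123456 amount=19.99",
    "2025-11-27T10:01:03Z payment-api DEBUG card=4111111111111111 exp=12/27",
    "2025-11-27T10:01:04Z callcentre WARN retry pan='5555 5555 5555 4444'",
]

if __name__ == "__main__":
    lines, total = scrub_log(SAMPLE_LOG)
    print("\n".join(lines))
    print(f"masked {total} PAN(s)")
```

Scrubbing at write time is a compensating control, not the fix: the fix is to stop the application emitting the PAN at all, typically by removing the debug statement or tokenising before logging. Any full PAN that has already reached disk has pulled that log store, its backups and whatever SIEM ingests it into PCI DSS scope, which is exactly why systems that "don't store card data" need checking.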
Ask Alastair and Tibor a question: https://www.urmconsulting.com/podcasts/pci-dss-the-overlooked-systems
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Connect with us on LinkedIn
Brought to you by URM, the UK’s leading information and cyber security specialists.

Data Protection Rights

Thursday Nov 20, 2025

In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, both Consultants at URM, explore individuals’ rights under the GDPR beyond the right of access (the most widely discussed of the data subject rights), and the requirements and obligations on organisations handling these.  Rachael and Aimee draw upon over 20 years’ combined experience in data protection to discuss:
The data rights aside from the right of access that tend to unexpectedly consume business resources and why
The operational risks posed to small and medium-sized enterprises (SMEs) by rights such as erasure, rectification, restriction, portability, and objection
How SMEs can recognise success in handling these rights without drowning in process complexity
The common pitfalls that cause unnecessary challenges or regulatory difficulties when dealing with these rights
How, in real-world terms, businesses can balance customer empowerment through data rights with maintaining smooth, cost-effective operations.
Ask Rachael and Aimee a question.
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider     
You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts     
Connect with us on LinkedIn 
Brought to you by URM, the UK’s leading information and cyber security specialists.   

Thursday Nov 13, 2025

In this episode of InfoSec Insider, Martin Brazier, Senior Consultant at URM, shares his top tips on crisis communication, considering the steps organisations can take to prepare before a crisis occurs, while it is happening, and after it’s been dealt with to ensure communication is as effective and seamless as possible.  Martin draws upon his extensive experience helping organisations enhance their business continuity to discuss:
What a ‘crisis’ is
What crisis communication is and how it fits into business continuity planning
Why crisis communications matter
7 top tips on ensuring your organisation can communicate effectively in a crisis, such as planning ahead of time, setting the right tone, listening to feedback, and more.
Learn more about this topic: https://www.urmconsulting.com/blog/the-eu-artificial-intelligence-act
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider      
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts      
Brought to you by URM, the UK’s leading information and cyber security specialists.    

Thursday Nov 06, 2025

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, provides his insights into phishing and what organisations can do to protect themselves against it.  George draws upon his extensive experience helping organisations strengthen their cyber security to discuss:
What phishing is and the various forms it takes
How phishing achieves its goal by influencing behaviour, and how artificial intelligence (AI) impacts this
The steps organisations can take to protect themselves against phishing.
Learn more about this topic: https://www.urmconsulting.com/blog/building-cyber-security-resilience-against-phishing
If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider      
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts      
Brought to you by URM, the UK’s leading information and cyber security specialists.      

ISO 27001 People Controls

Thursday Oct 30, 2025

In this episode of InfoSec Insider, Jack Woods and Mark O’Kane, both Consultants at URM, take a deep dive into the ‘People’ controls theme in ISO 27001, covering why these controls matter in today’s hybrid workplaces, how they strengthen information security, and what auditors look for during assessments.  Jack and Mark draw upon their extensive experience supporting organisations’ implementation of the Standard to discuss:
How to balance the risk of potential insider threats against the downsides of overzealous background checks when implementing pre-employment screening
The practical steps you can take to meaningfully enforce people controls beyond generic policies in the context of remote and hybrid work environments
How to ensure incident reporting for information security is both mandatory and non-punitive, so employees feel safe to report without fear of reprisal
The types of evidence auditors expect to see in a people controls-focused audit
The risks that arise when people controls such as training or NDAs are not routinely reviewed/updated as working patterns or staff roles evolve.
Ask Jack and Mark a question: https://urmconsulting.com/podcasts/iso-27001-people-controls
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider     
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts     
Connect with us on LinkedIn     
Brought to you by URM, the UK’s leading information and cyber security specialists.

AIIAs in ISO 42001

Thursday Oct 23, 2025

In this episode of InfoSec Insider, Neil Jones, Senior Consultant at URM, explores artificial intelligence impact assessments (AIIAs), a key conformance activity required by ISO 42001, the International Standard for AI Management Systems (AIMS).  Neil leverages over 20 years of experience working with risk and information security-related standards to discuss:
What an AIIA is under ISO 42001, and how it differs from a typical risk assessment
The role of ISO 42005 and how it relates to AIIAs
The seven sections of an AIIA and what each section covers
When in the AI lifecycle you need to conduct an AIIA
How organisations should balance AIIAs with risk assessments in the context of ISO 42001.
Learn more about this topic: https://www.urmconsulting.com/blog/iso-42001-artificial-intelligence-impact-assessments-aiias
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider      
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts      
Brought to you by URM, the UK’s leading information and cyber security specialists.    

The People Side of PCI DSS

Thursday Oct 16, 2025

In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, offer advice on compliance with the Payment Card Industry Data Security Standard (PCI DSS), with a particular focus on the ‘human’ element of security.  Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss:
How you can minimise the risk of noncompliance caused by human error or behaviour
The compliance complications associated with using wireless devices such as Bluetooth headphones
Whether ‘pause-and-resume’ recording in call centres is truly secure
How to avoid card data leaking through CCTV cameras in environments such as call centres
And more!
Ask Alastair and Tibor a question: https://urmconsulting.com/podcasts/the-people-side-of-pci-dss
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here:     https://urmconsulting.com/podcasts   
Connect with us on LinkedIn   
Brought to you by URM, the UK’s leading information and cyber security specialists.  

Thursday Oct 09, 2025

In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, both Data Protection Consultants at URM, provide their insights on overcoming data subject access request (DSAR) challenges and how organisations can gain benefits from the fulfilment of DSARs, rather than treating them purely as a business burden.  Rachael and Aimee leverage over 20 years’ combined experience in data protection to discuss:
Whether DSARs can actually enhance customer trust, or are simply a compliance checkbox exercise for organisations
How organisations can reframe DSAR handling as an opportunity to improve their data governance
The hidden costs of DSARs and how you can measure whether those costs bring any tangible benefits
When it is appropriate to push back on a DSAR as ‘manifestly unfounded’ or ‘excessive’ and how to defend this decision to the regulator
How to proactively use DSAR data to inform your privacy strategy and customer engagement.
Ask Rachael and Aimee a question:  https://urmconsulting.com/podcasts/dsars-a-business-burden-vs-a-data-protection-opportunity
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Connect with us on LinkedIn
Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Oct 02, 2025

In this episode of InfoSec Insider, George Ryan, Consultant at URM, provides key advice and guidance on the impact of artificial intelligence (AI) on organisations, and the steps they can take to establish control over its usage.  George leverages his extensive experience helping organisations strengthen their information and cyber security to discuss:  
What ‘AI’ is  
How AI and its usage can impact organisations 
How organisations can control AI use among their staff and within their operations.
Learn more about this topic: https://www.urmconsulting.com/blog/establishing-organisational-control-over-artificial-intelligence 
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider        
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts        
Brought to you by URM, the UK’s leading information and cyber security specialists. 

Copyright 2024 URM Consulting. All rights reserved.
