InfoSec Insider

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.


Episodes

Thursday Oct 09, 2025

In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, both Data Protection Consultants at URM, provide their insights on overcoming data subject access request (DSAR) challenges and how organisations can gain benefits from the fulfilment of DSARs, rather than treating them purely as a business burden. Rachael and Aimee leverage over 20 years’ combined experience in data protection to discuss:
• Whether DSARs can actually enhance customer trust, or are simply a compliance checkbox exercise for organisations
• How organisations can reframe DSAR handling as an opportunity to improve their data governance
• The hidden costs of DSARs and how you can measure whether those costs bring any tangible benefits
• When it is appropriate to push back on a DSAR as ‘manifestly unfounded’ or ‘excessive’ and how to defend this decision to the regulator
• How to proactively use DSAR data to inform your privacy strategy and customer engagement.
Ask Rachael and Aimee a question:  https://urmconsulting.com/podcasts/dsars-a-business-burden-vs-a-data-protection-opportunity
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Connect with us on LinkedIn
Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Oct 02, 2025

In this episode of InfoSec Insider, George Ryan, Consultant at URM, provides key advice and guidance on the impact of artificial intelligence (AI) on organisations, and the steps they can take to establish control over its usage.  George leverages his extensive experience helping organisations strengthen their information and cyber security to discuss:  
What ‘AI’ is  
How AI and its usage can impact organisations 
How organisations can look to control AI among their staff and within their operations.
Learn more about this topic: https://www.urmconsulting.com/blog/establishing-organisational-control-over-artificial-intelligence 

The EU AI Act

Thursday Sep 25, 2025

In this episode of InfoSec Insider, Martin Brazier, Senior Consultant at URM, explores the EU Artificial Intelligence (AI) Act, the world’s first comprehensive regulation on AI by a major regulator. Martin draws upon over 20 years of experience in compliance, information management and data protection to discuss:
What AI is and how it is defined by the EU AI Act
Which entities the Act is applicable to, the different ‘compliance roles’ it defines and the obligations associated with each
How AI risk is categorised, and the provisions for and restrictions upon each risk level
How the AI Act will be enforced
The current UK approach to AI legislation and the impact of the AI Act beyond the EU.
Learn more about this topic: https://www.urmconsulting.com/blog/the-eu-artificial-intelligence-act

Thursday Sep 18, 2025

In this episode of InfoSec Insider, Scott Lloyd, Senior Consultant at URM, offers key advice and guidance on the ISO 27001 certification process and how organisations can ensure they are prepared for a smooth and successful certification assessment. Scott leverages his extensive experience in the field of information security to discuss:
Common misconceptions about certification
The ‘must-have’ documentation organisations need to have in place ready for their Stage 1 audit
The Stage 2 audit, the difference between minor and major nonconformities and how they affect certification
How organisations should handle minor nonconformities so that they do not become majors in the future
The 3-year certification cycle and Continual Assessment Visits (CAVs)
Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-how-certification-works
 

Thursday Sep 11, 2025

In this episode of InfoSec Insider – Talk Cyber, George Ryan, consultant at URM, provides his insights on the steps organisations can take to protect themselves against ransomware attacks.  George leverages his extensive experience helping organisations strengthen cyber security measures to discuss:
What ransomware is and why it has so frequently made headlines in recent years
Who is responsible for protecting an organisation against ransomware
The role of people, processes and technology in enhancing ransomware defences
Which measures organisations with minimal or no cyber security should prioritise.
Learn more about this topic: https://www.urmconsulting.com/blog/critical-cyber-security-practices-to-defend-against-ransomware-attacks

Getting Ready for STAIRs

Thursday Sep 04, 2025

In this episode of InfoSec Insider, Martin Brazier, Senior Consultant at URM, breaks down the Social Tenants Access to Information Requirements (STAIRs), a forthcoming information access standard that will give greater rights to tenants of private registered providers (PRPs).  Martin leverages over 20 years of information management and data protection experience to discuss:
What the STAIRs are and how they came about
What PRPs will need to do to comply with the STAIRs
The steps organisations can take now to prepare for STAIRs compliance.
 If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://www.urmconsulting.com/blog/getting-ready-for-the-social-tenant-access-to-information-requirements-stairs

Thursday Aug 07, 2025

In this episode of InfoSec Insider, Mark O’Kane, Consultant at URM, provides key advice and guidance on the two business continuity-related controls in Annex A of ISO 27001.  Mark draws upon his extensive experience helping organisations implement and certify against the Standard to discuss:
The requirements of the business continuity controls and how they help organisations secure their assets during a disruption
How organisations can meet the requirements of and ensure conformance to Controls A.5.29 and A.5.30
The common mistakes organisations make when implementing and maintaining these controls, and how these mistakes can be avoided.
Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-a-5-organisational-controls-business-continuity

Supplementing Cyber Essentials

Thursday Jul 31, 2025

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, provides his insights on the best next steps organisations can take following Cyber Essentials certification to further enhance their security.  George leverages his extensive experience assisting organisations to strengthen their cyber security measures to discuss:  
What is covered by the Cyber Essentials scheme
The more advanced cyber and information security frameworks organisations can implement having achieved Cyber Essentials
How organisations can enhance their cyber and information security without implementing additional frameworks.
Learn more about this topic: https://www.urmconsulting.com/blog/supplementing-cyber-essentials

Thursday Jul 24, 2025

In this episode of InfoSec Insider, Mark O’Kane, Consultant at URM, offers his insights and advice on the six incident management-related controls in Annex A of ISO 27001, which are contained within the ‘Organisational’ and ‘People’ control themes.  Mark leverages his extensive experience supporting organisations to implement ISO 27001 to discuss:
The requirements of the incident management controls and how they fit into the overall aim of the ‘Organisational’ and ‘People’ control themes
How the incident management controls help organisations address information security incidents
How organisations can effectively put these controls into practice.
Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-a-5-organisational-controls-incident-management

The DUA Act

Thursday Jul 17, 2025

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Data Protection Consultant at URM, provides his insights on the Data (Use and Access) Act, which received Royal Assent on 19 June.  Stuart draws upon over 25 years of specialisation in data protection law to discuss:
The background, scope, and intention of the DUA Act
How the DUA Act is expected to impact the UK’s data protection regulatory landscape, and how it may lighten the compliance burden on organisations, particularly in relation to:
    Automated decision-making
    International transfers of personal data
    Data subject access requests (DSARs)
    The Privacy and Electronic Communications Regulations (PECR)
    The ‘legitimate interests’ basis for processing
Which provisions in the Act may make data protection compliance more difficult
When these changes are likely to come into force.
Learn more about this topic: https://www.urmconsulting.com/blog/dua-act-finally-becomes-law

Copyright 2024 URM Consulting. All rights reserved.
