InfoSec Insider

In this episode of InfoSec Insider, Frazer Grudgings, Senior Consultant at URM, offers key advice and guidance on creating an information security policy that meets the requirements of ISO 27001, the International Standard for Information Security Management Systems (ISMS’).  Frazer leverages his 15+ years of experience supporting organisations to certify against ISO 27001 to discuss:
What an information security policy is in the context of ISO 27001
How to develop an information security policy and what it should include in order to be conformant to the Standard
The purpose of an information security policy.
Learn more about this topic: https://www.urmconsulting.com/blog/developing-an-iso-27001-information-security-policy
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 
You can find more episodes of InfoSec Insider here:  
https://urmconsulting.com/podcasts 
Brought to you by URM, the UK’s leading information and cyber security specialists.  

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Consultant at URM, provides a break down and analysis of how the Information Commissioner’s Office (ICO’s) has enforced UK data protection (DP) regulations in 2024, and how this compares to the action taken by the regulator in previous years.  Stuart leverages his 25+ years of specialisation in data protection law to discuss:   
The types of enforcement action available to the ICO (i.e., reprimands, enforcement notices and fines) and how they differ 
How the regulator has enforced the General Data Protection Regulation (GDPR) and Privacy and Electronic Communications Regulation (PECR) in 2024, in terms of: 
Its approach to fining public vs. private sector organisations, with examples of notable public sector fines imposed this year 
The differences in its approach to enforcing the GDPR vs. the PECR 
How the regulator’s enforcement activities compare to the action taken in 2023 
The sums of money involved in ICO fines, i.e., the average figure imposed by the ICO in 2024 and how much the ICO brought in for the Treasury this year 
How the ICO’s approach to enforcing DP law compares to other, European DP regulators 
Emerging trends and upcoming changes, such as the ICO’s crackdown on cookies compliance.  
Learn more about this topic:  https://www.urmconsulting.com/blog/analysis-of-fines-imposed-by-the-information-commissioners-office-in-2024 
If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider     
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts     
Brought to you by URM, the UK’s leading information and cyber security specialists.    

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, takes a deep dive into the unique cyber security challenges faced by small and medium-sized enterprises (SMEs), and the steps these organisations can take to improve their cyber security postures.  George leverages his extensive experience assisting organisations to enhance their cyber security to discuss:
The current state of the cyber security landscape for SMEs and how this differs to their larger counterparts
The issues SMEs are currently facing in addressing and enhancing their cyber security postures
How SMEs can improve their cyber security.
Learn more about this topic: https://www.urmconsulting.com/blog/cyber-essentials-improving-your-cyber-security-as-an-sme
If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider  
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts  
Brought to you by URM, the UK’s leading information and cyber security specialists.   

In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, shares some of his top tips for implementing an information security management system (ISMS) that is both conformant to the requirements of ISO 27001 and effectively enhances an organisation’s information security culture.  Wayne draws upon his 30+ years of experience in information security and risk management to discuss:
The role of top management in the success of an ISMS implementation project
The approach you should take when creating policies and procedures for an ISMS
How to encourage employees to take ownership of information security as part of their day-to-day responsibilities
The importance of a clear risk assessment, engaging all levels of the organisation from the outset, and of building information security into business processes.
Learn more about this topic: https://www.urmconsulting.com/blog/top-tips-for-implementing-an-effective-iso-27001-conformant-isms
 
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
 
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts 
  
Brought to you by URM, the UK’s leading information and cyber security specialists.    

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, breaks down the Social Tenant Access to Information Requirements (STAIRs), an upcoming standard with which private registered providers (PRPs) of social housing (such as housing associations) will need to comply.  Stuart leverages his 25+ years of specialisation in data protection law to discuss:
What STAIRs is and the issues it has been designed to address
The rights that STAIRs will provide to tenants living in private sector-run social housing, and the types of information requests it is likely to be used for
How STAIRs compares to the Freedom of Information Act (FOIA) and to the General Data Protection Regulation’s (GDPR’s) provisions on data subject access requests (DSARs)
What comes next for STAIRs.
Learn more about this topic:  
https://www.urmconsulting.com/blog/stairs-a-new-standard-for-social-housing-providers
 
If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
 
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists.    

In this episode of InfoSec Insider, Chris Heighes, Senior Consultant at URM, takes a deep dive into the Digital Operations Resilience Act (DORA), a new EU regulation for financial entities and their key suppliers to improve their digital operational resilience, which comes into force on 17 January 2025.  Chris Leverages his 30 years of IT experience and 15 years’ experience in information security to discuss:
What DORA is
Which entities are in scope of the Act
How DORA’s requirements differ from those of ISO 27001, the International Standard for Information Security Management Systems (ISMS)
The timelines for implementation of DORA and how it will be enforced.
Learn more about this topic: https://www.urmconsulting.com/blog/the-digital-operations-resilience-act-dora
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists.     

In this episode of InfoSec Insider, Alastair Stewart, Senior Consultant and Qualified Security Assessor (QSA) at URM, breaks down the changes to assessments in v4.0 of the Payment Card Industry Data Security Standard (PCI DSS), and how organisations can prepare for their v4 assessments.  Alastair leverages more than a decade of experience with the PCI DSS to discuss:  
The types of evidence the PCI DSS requires, whether there are any new evidence types in v4 and preparing evidence in advance of your assessment 
How QSAs collected evidence when assessing previous versions of the PCI DSS and how this has changed in v4 
How these changes will impact assessments against v4 
His key advice for organisations undergoing PCI DSS v4 assessments 
Changes to the self-assessment questionnaires (SAQs) for both merchants and service providers, and whether any new SAQs have been added.  
Learn more about this topic: https://www.urmconsulting.com/blog/preparing-for-a-pci-dss-v4-0-assessment  
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider     
You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts     Brought to you by URM, the UK’s leading information and cyber security specialists.       

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Data Protection Consultant at URM, breaks down a recent opinion issued by the EU Data Protection Board (EDPB) in response to questions from the Irish Data Protection Commission (DPC) on the compliant processing of personal data in the development and deployment stages of artificial intelligence (AI) models.  Stuart draws upon his 25+ years of experience in data protection to discuss:
What the EDPB is and how the opinion it has recently issued came aboutThe EDPB’s response to the DPC’s questions, i.e.,
How and when an AI model can be considered ‘anonymous’ (not containing any personal data)
Demonstrating the appropriateness of legitimate interests as a lawful basis for processing personal data in AI models
The impact of unlawful personal data processing in the development phase on the subsequent deployment or operation of an AI model
The significance of the EDPB’s opinion for UK-based organisations in light of Brexit.  
 If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider    
    
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts    
 
Brought to you by URM, the UK’s leading information and cyber security specialists.     
 

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, breaks down the current state of cyber security in the modern business landscape and the common cyber security failings and challenges he sees organisations face, as well as offering key advice and guidance on what organisations can do to protect against these threats.  George leverages his extensive experience assisting organisations to enhance their cyber security to discuss:
The current cyber security landscape and the common security pitfalls that are leading to an upward trend in cyber security incidents
How the cyber security landscape is likely to evolve in the future as a result of ongoing technological developments, such as in the field of artificial intelligence (AI)
How organisations can protect themselves against these threats and the benefits of certifying to the Cyber Essentials scheme to do so.
Learn more about this topic: https://www.urmconsulting.com/blog/mitigating-cyber-risks-why-cyber-essentials-matters-more-than-ever 
 
 If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here:    
https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts   
   
Brought to you by URM, the UK’s leading information and cyber security specialists.    

In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, breaks down the common mistakes and challenges organisations come up against on both sides of their certification assessment, i.e., before the external assessment when the Information Security Management System (ISMS) is first being implemented, and after certification has been achieved and the ISMS is being maintained.  Wayne leverages his 30+ years of experience in information security and risk management to discuss:  
The mistakes he frequently sees organisations make when implementing ISO 27001 and preparing to certify  
The common mistakes organisations make in maintaining their ISMS and ISO 27001 certification  
New common pitfalls he has seen regarding organisations’ implementation of the 2022 version of the Standard 
Challenges and mistakes that organisations from particular industries and sectors should look out for.  
Learn more about this topic: https://www.urmconsulting.com/blog/common-pitfalls-identified-in-organisations-seeking-iso-27001-certification 
 
 If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:   https://ratethispodcast.com/infosecinsider   
 You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts   
  
Brought to you by URM, the UK’s leading information and cyber security specialists.