InfoSec Insider

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.

Listen on:

  • Apple Podcasts
  • YouTube
  • Podbean App
  • Spotify

Episodes

Who Needs a ROPA and Why?

Thursday Dec 05, 2024

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, explains records of processing activities (ROPAs), a key document that almost every organisation must create and maintain in order to comply with the General Data Protection Regulation (GDPR).  Stuart leverages his 25+ years of specialisation in data protection law to discuss: 
What a ROPA is, which organisations need to have one  
The advantages of having a ROPA in place and how this can benefit your GDPR compliance efforts  
Who within an organisation needs to create the ROPA 
The challenges associated with producing a ROPA and how these can be overcome 
Whether you should first produce a data flow map before embarking on the ROPA 
The next steps after the ROPA has been built. 
Learn more about this topic:  https://www.urmconsulting.com/blog/who-needs-a-ropa-and-why https://www.urmconsulting.com/blog/how-to-create-a-record-of-processing-activities-ropa 
 
If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists.    

ISO 42001 and AI Perspectives

Thursday Nov 28, 2024

In this episode of InfoSec Insider, Neil Jones, Senior Consultant at URM, breaks down the purpose and structure of the recently released ISO 42001, the International Standard for Artificial Intelligence Management Systems (AIMS), as well as explaining the Standard’s use of AI ‘perspectives’.  Neil leverages his 20+ years’ working with a range of risk and information security-related standards to discuss:  
What ISO 42001 is intended for, and what it is not 
How ISO 42001 is structured, and how it compares to other standards written in the ‘Harmonised Structure’ 
What an AIMS is 
How you can establish the ‘trustworthiness’ of an AI system and how this concept is articulated through ‘AI perspectives’ in ISO 42001. 
Learn more about this topic: https://www.urmconsulting.com/blog/iso-42001-and-ai-perspectives  
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts   
 
Brought to you by URM, the UK’s leading information and cyber security specialists.    

Thursday Nov 21, 2024

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, explores the challenges of maintaining data protection compliance whilst conducting workplace monitoring, particularly in light of the workforce’s ever-increasing mobility, and how these challenges can be overcome.  Martin leverages his 20+ years of experience in information management and data protection compliance to discuss: 
The definition of workplace monitoring and recent advances in monitoring technology 
How to establish whether workplace monitoring complies with data protection legislation, such as the General Data Protection Regulation (GDPR) 
The need to demonstrate fairness and transparency 
Objections employees are entitled to make under the GDPR 
Whether covert monitoring and automated decision making can be compliant 
Balancing compliance and ethics when carrying out workplace monitoring.  
Learn more about this topic: https://www.urmconsulting.com/blog/data-protection-considerations-for-monitoring-employees  

If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.

What is the CIA Security Triad?

Thursday Nov 14, 2024

In this episode of InfoSec Insider, Les Krause-Whiteing, Senior Consultant at URM, breaks down the concepts of confidentiality, integrity and availability (CIA), the 3 fundamental principles on which strong information security is built, and why they are so important to effective and comprehensive information security management.  Les draws upon his extensive experience helping organisations enhance their information security to discuss:
What the CIA security triad is 
How the principles of CIA tie into ISO 27001, and how they can help you meet the requirements of the Standard 
Real-world examples of CIA not being maintained and the subsequent consequences  
How to maintain the CIA of your organisation’s information.  
Learn more about this topic: https://www.urmconsulting.com/blog/what-is-the-cia-security-triad-confidentiality-integrity-and-availability-explained 
   
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider    
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts          
Brought to you by URM, the UK’s leading information and cyber security specialists. 

Thursday Nov 07, 2024

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, explores some of the considerations and challenges of maintaining compliance with data protection legislation, such as the General Data Protection Regulation (GDPR), when developing and deploying artificial intelligence (AI) technology.  Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:  
The definition of AI  
How the UK legislative framework around AI is evolving 
The challenges associated with maintaining data protection compliance whilst developing and using AI, particularly in light of the GDPR’s 7 core principles 
What you can do to overcome these challenges and achieve data protection compliance in AI systems. 
Learn more about this topic: https://www.urmconsulting.com/blog/data-protection-considerations-for-artificial-intelligence-ai 

If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Oct 31, 2024

In this episode of InfoSec Insider, Stuart Moran, Senior Consultant at URM, explores the addition of climate change considerations to 31 management system standards by the International Organization for Standardization (ISO) and the International Accreditation Forum (IAF).  Stuart draws upon more than 20 years of experience working with a wide range of ISO management system standards to discuss:
What the ISO/IAF climate change amendment is  
How different industries might face unique challenges in integrating climate change considerations into their existing ISO management systems  
How you can leverage technology to enhance your climate change conformance efforts, considering the increased focus on AI and cloud services in ISO standards
The future trends to anticipate given the evolving landscape of climate change regulations, and how you can prepare to adapt your management systems accordingly. 
Learn more about this topic: https://www.urmconsulting.com/blog/iso-and-iaf-add-climate-change-considerations-to-31-management-systems-standards 
 
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:   https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here:    https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists.

Top Tips for GDPR Compliance

Thursday Oct 24, 2024

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Data Protection Consultant at URM, provides some hints and tips on how to achieve and maintain compliance with the General Data Protection Regulation (GDPR), with a particular focus on the key documentation organisations need to have in place to comply.  Stuart leverages over 25 years of experience to discuss: 
The importance of maintaining documented evidence of your GDPR compliance under the ‘accountability’ principle 
Some of the key compliance documentation you need to produce, including records of processing activities (ROPAs), data protection impact assessments (DPIAs), privacy notices and personal data retention policies
What information you will need to include in these documents  
When these documents are mandatory and whether any organisations are exempt from producing them.  
Learn more about this topic: https://www.urmconsulting.com/blog/10-top-tips-for-achieving-gdpr-compliance  
 
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:   https://ratethispodcast.com/infosecinsider  
You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts  
Brought to you by URM, the UK’s leading information and cyber security specialists.   

Common Pitfalls with ISO 27001

Thursday Oct 17, 2024

In this episode of InfoSec Insider, Frazer Grudgings, Senior Consultant at URM, highlights the common pitfalls and mistakes he frequently sees organisations make when implementing ISO 27001, and explores the steps you can take to avoid these pitfalls.  Frazer draws upon his 15+ years of experience assisting organisations to implement ISO 27001 to discuss:  
The most common mistakes made and challenges faced by organisations implementing ISO 27001 
How to avoid making these mistakes and ensure your ISO 27001 implementation and certification process is as smooth and seamless as possible  
Where you can look for help and support with your ISO 27001 implementation, both within your organisation and externally.  
Learn more about this topic: https://www.urmconsulting.com/blog/common-pitfalls-identified-in-organisations-seeking-iso-27001-certification 
 
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:   https://ratethispodcast.com/infosecinsider  
You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts  
   
Brought to you by URM, the UK’s leading information and cyber security specialists.   

Facial Recognition Technology

Thursday Oct 10, 2024

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Consultant at URM, explores the key challenges of and considerations for maintaining data protection compliance when using facial recognition technology (FRT).  Martin leverages his 20+ years of specialism in information management and data protection to discuss:  
The different types of FRT and what they are used for 
Real-world examples of FRT deployments by organisations and of an organisation facing enforcement action for noncompliant FRT deployment  
The challenges associated with using facial recognition technology for organisations that need to comply with the General Data Protection Regulation (GDPR) 
How you can ensure that your use of FRT is GDPR compliant.  
Learn more about this topic: https://www.urmconsulting.com/blog/facial-recognition-technology-and-data-protection-compliance 
  
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:   https://ratethispodcast.com/infosecinsider  
You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts  
 
Brought to you by URM, the UK’s leading information and cyber security specialists.   

ISO 9001 Implementation

Thursday Oct 03, 2024

In this episode of InfoSec Insider, Sue West, one of URM’s Senior Consultants, breaks down 2 of her ‘golden rules’ for successful implementation of ISO 9001, the International Standard for Quality Management Systems (QMS).  Sue leverages more than 25 years of experience establishing, managing and auditing QMSs to provide key insights on:
The meaning of top management ‘leadership and commitment’ in the context of ISO 9001 and why it is important to the success of an ISO 9001 implementation project 
How management can effectively demonstrate leadership and commitment to the QMS when implementing ISO 9001  
The importance of ensuring that the QMS is tailored to the organisation and its operations 
What the ‘Process Approach’ means and how it can be used to build an effective, ISO 9001-conformant QMS.  
Learn more about this topic: https://www.urmconsulting.com/blog/5-golden-rules-for-implementing-iso-9001  

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.

Copyright 2024 URM Consulting. All rights reserved.