InfoSec Insider
The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.
Episodes

Thursday Sep 26, 2024
In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, provides a breakdown and analysis of the enforcement actions delivered since the beginning of 2023 by the Information Commissioner’s Office (ICO), the UK’s privacy regulator, to highlight emerging trends and lessons that can be learned from how the ICO enforces data protection legislation such as the UK General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR). Stuart leverages his 25+ years of specialisation in data protection law to discuss:
The differences between the enforcement actions that are available to the ICO, i.e., Enforcement Notices, Reprimands, and Monetary Penalties
The ICO’s enforcement activities in 2023 – the amount of fines compared to reprimands, and the sums of money involved
The ICO’s enforcement activities in the first half of 2024 and how they compare to the same period in 2023
Trends that can be observed in the ICO’s enforcement activities and the ICO’s approach to issuing fines vs. reprimands
How the ICO’s use of monetary penalties compares to its European counterparts.
Learn more about this topic:
https://www.urmconsulting.com/blog/analysis-of-fines-imposed-by-the-information-commissioners-office-in-2023
https://www.urmconsulting.com/blog/ico-enforcement-action-january-june-2024
If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Sep 19, 2024
In this episode of InfoSec Insider, Alastair Stewart, Payment Card Industry Qualified Security Assessor (PCI QSA) and Senior Consultant at URM, explores some of the new requirements for e-commerce pages in version 4.0 of the PCI Data Security Standard (PCI DSS), providing valuable advice and guidance on what organisations can do to remain PCI DSS compliant as they transition to v4.0. Alastair leverages his 10+ years of experience assisting organisations to comply with the PCI DSS to discuss:
What the new requirements are for e-commerce pages in PCI DSS v4.0
How organisations can go about meeting the new requirements
Which organisations the new requirements for e-commerce pages will and will not be applicable to
How challenging it will be for organisations to meet the new requirements
Why the new requirements have been introduced
Which of the new requirements for e-commerce pages have been added to the self-assessment questionnaires (SAQs) and which SAQs they have been added to.
Learn more about this topic: https://www.urmconsulting.com/blog/what-are-the-key-new-requirements-with-pci-dss-4-0
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Sep 12, 2024
In this episode of InfoSec Insider – Talk DP, Rachael Salter, Senior Data Protection Consultant at URM, discusses organisations’ obligations under the General Data Protection Regulation (GDPR) when fulfilling data subject access requests (DSARs) and the challenges associated with processing these requests. Rachael leverages her 10+ years of experience working in data protection compliance to provide advice and guidance on:
What a DSAR is and how to recognise one
When organisations are required to redact information from the personal data provided to the data subject
When organisations can refuse to process a DSAR and what ‘manifestly unfounded or excessive’ means in practice.
Learn more about this topic: https://www.urmconsulting.com/blog/everything-you-need-to-know-about-dsars
If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Sep 05, 2024
In this episode of InfoSec Insider, Wayne Armstrong, Senior Information Security Consultant at URM, discusses the Certificate in Information Security Management Principles (CISMP), a BCS-managed, foundation-level information security qualification. Drawing upon his 30+ years’ experience in IT, information security and risk management, Wayne discusses:
What the CISMP is
What is covered in the CISMP curriculum
Who the CISMP is for and the benefits they could reap from sitting a CISMP course/exam.
Learn more about this topic:
https://www.urmconsulting.com/blog/a-guide-to-the-certificate-in-information-security-management-principles-cismp
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:
https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here:
https://urmconsulting.com/podcasts

Thursday Aug 29, 2024
In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, takes us ‘back to basics’ with the General Data Protection Regulation (GDPR), breaking down the key data protection concepts and terminology you will need to understand if you want to achieve and maintain compliance with the GDPR. Stuart leverages his 25+ years of specialisation in data protection law to discuss:
What counts as ‘processing’, ‘personal data’, and who counts as a ‘data subject’ under the GDPR
The definition of ‘special category personal data’, and how requirements for processing this type of data differ
‘Data processors’ and ‘data controllers’ – what they are, and the differences between the GDPR requirements for these two types of entities
What ‘cookies’ are and how they are relevant to the GDPR.
Learn more about this topic: https://www.urmconsulting.com/blog/gdpr-back-to-basics
If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here:
https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here:
https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.

Wednesday Jul 24, 2024
In this episode of InfoSec Insider, Sue West offers helpful advice and guidance on how to integrate multiple management systems which are conformant to/certified against ISO standards, with a particular focus on integrating an ISO 9001 quality management system (QMS) and an ISO 27001 information security management system (ISMS).
Learn more about this topic:
https://www.urmconsulting.com/blog/a-comparison-of-iso-9001-and-iso-27001