Episodes

  • In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, provides his insights on the 4 controls that relate to access management in the ‘Organisational’ control theme of ISO 27001’s Annex A. Wayne leverages his 30+ years of experience in information security to discuss:

    The requirements of each of the following 4 controls and how your organisation can go about meeting them:

    - A.5.15 – Access control
    - A.5.16 – Identity management
    - A.5.17 – Authentication information
    - A.5.18 – Access rights

    Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-a-5-organisational-controls-access-management

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider  

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts 

    Brought to you by URM, the UK’s leading information and cyber security specialists.

  • In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, breaks down the 5 supplier management-related controls in the ‘Organisational’ control theme of ISO 27001’s Annex A. Wayne draws upon 30+ years of experience in information security to discuss:

    - Why your organisation should consider supplier management as part of information security
    - What each of the following 5 controls cover and how to implement them:
      - A.5.19 – Information security in supplier relationships
      - A.5.20 – Addressing information security within supplier relationships
      - A.5.21 – Managing information security in the ICT supply chain
      - A.5.22 – Monitoring, review and change management of supplier services
      - A.5.23 – Information security for use of cloud services

    Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-a-5-organisational-controls-supplier-management

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider  

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts 

    Brought to you by URM, the UK’s leading information and cyber security specialists.


  • In this episode of InfoSec Insider, Jack Woods, Consultant at URM, explores information risk assessment and risk treatment in the context of ISO 27001, the International Standard for Information Security Management Systems (ISMS). Jack leverages his extensive experience assisting organisations to implement an ISMS and certify to the Standard to discuss:

    - The purpose of a risk assessment
    - How risk fits into ISO 27001 and its requirements
    - How to conduct an information security risk assessment
    - The actions you can take to treat the risks you identify

    Learn more about this topic: https://www.urmconsulting.com/blog/information-risk-assessment-and-treatment-in-iso-27001

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 

    You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts 

    Brought to you by URM, the UK’s leading information and cyber security specialists.

  • In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, provides his insights on the 34 technological controls in Annex A of ISO 27001 and how these can be implemented by organisations looking to conform or certify to the Standard. Wayne leverages his 30+ years of experience in information security and risk management to discuss:

    - What the technological controls in ISO 27001 are designed to achieve
    - How you can go about selecting the most appropriate technological controls for your organisation
    - How the guidance contained in ISO 27002, the supplementary standard to ISO 27001, can help your organisation meet the Standard’s requirements in relation to technological controls
    - The constraints that may prevent your organisation from implementing certain controls, and how these can be overcome
    - The importance of balancing security and operational effectiveness and efficiency

    Learn more about this topic: https://www.urmconsulting.com/blog/implementing-technological-controls-in-iso-27001

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 

    You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts 

    Brought to you by URM, the UK’s leading information and cyber security specialists.  

  • In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, breaks down the ‘Physical’ control theme from Annex A of ISO 27001, which is a set of security measures aimed at protecting an organisation’s physical assets and environment, such as its buildings, equipment, and paper copies of documents. Wayne leverages his 30+ years of experience in information security to discuss:

    - Why the physical security controls are important and what physical controls are recommended by ISO 27001
    - Whether you still need to consider physical security when all your data is stored in and accessible from the cloud
    - The benefits of controls such as access cards and visible IDs for staff accessing business premises
    - The relevance of physical controls for remote workers
    - How to overcome the common pitfalls associated with operating and managing physical security controls

    Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-annex-a-physical-controls

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider  

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

    Brought to you by URM, the UK’s leading information and cyber security specialists.   

  • In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, breaks down the General Data Protection Regulation’s (GDPR’s) requirements for organisations that need to share personal data with the police in order to report a crime, or following a request for data to assist with an investigation. Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:  

    - The legislative framework governing police access to personal data, including Part 3 of the Data Protection Act 2018
    - The lawful bases under the UK GDPR for sharing personal data with the police, and when each may apply
    - Considerations for compliance with the purpose limitation and data minimisation principles when providing the police with personal data
    - What to consider when sharing special category and criminal offence data with the police, including applicable conditions under the DPA 2018
    - Whether individuals need to be informed of any data sharing
    - Practical guidance on how to ensure any data shared is lawful, proportionate, and compliant with the data protection principles

    Learn more about this topic: https://www.urmconsulting.com/blog/sharing-personal-data-with-the-police

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:    https://ratethispodcast.com/infosecinsider 

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

    Brought to you by URM, the UK’s leading information and cyber security specialists.  

  • In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, explains the steps organisations can take to effectively plan, conduct, and action an ISO 27001 internal audit. Wayne draws upon 30+ years of experience in the information security and risk management field to discuss:

    - The key things to remember when planning your audit programme and individual audits
    - His tips for auditors when they are conducting audits
    - The key considerations when reporting on audit results
    - When you may need to follow up on audit findings and when you can consider an audit closed

    Learn more about this topic: https://youtu.be/5nFz8nhIZdE

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

    Brought to you by URM, the UK’s leading information and cyber security specialists.    

  • In this episode of InfoSec Insider, Frazer Grudgings, Senior Consultant at URM, provides key insights on the ‘People’ control theme of ISO 27001’s Annex A, which comprises measures organisations can implement to protect employees and influence their behaviour in relation to information security. Frazer leverages his over 15 years of experience in the information security field to discuss:

    - Why ‘people controls’ warrant their own control theme
    - How screening and pre-employment policies can help
    - His hints and tips for effectively implementing the people controls and for a successful people controls audit

    Learn more about this topic: https://www.urmconsulting.com/blog/implementing-and-auditing-people-controls-from-iso-27001-2022

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 

    You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts 

    Brought to you by URM, the UK’s leading information and cyber security specialists.  

  • In this episode of InfoSec Insider, Stuart Moran, Senior Consultant at URM, offers essential advice on ISO 13485, the International Standard for Medical Devices Quality Management Systems (MDQMS). Stuart draws upon over 20 years of experience in managing organisation-wide management systems to discuss:

    - What ISO 13485 is and why it’s important for regulatory compliance
    - Which organisations ISO 13485 is applicable to, including medical device manufacturers and their suppliers
    - When you should consider implementing ISO 13485
    - How and why ISO 13485 differs from other management system standards you may have implemented
    - Aligning and integrating other ISO standards activities and documentation with ISO 13485 requirements
    - Whether the current, very significant changes to US federal agencies will impact the Food and Drug Administration’s (FDA’s) move to align their regulation with ISO 13485

    Learn more about this topic: https://www.urmconsulting.com/blog/iso-13485-medical-devices-quality-management-system-explained

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

    Brought to you by URM, the UK’s leading information and cyber security specialists.  

  • In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Consultant at URM, explains the General Data Protection Regulation’s (GDPR’s) requirements around special category personal data, and how organisations can ensure they are not processing it unknowingly or unnecessarily. Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:  

    - What the GDPR defines as ‘special category data’ and the extra protections it affords to this type of personal data
    - The Information Commissioner’s Office’s (ICO’s) guidance on inferring special category data
    - Real-world Court of Justice of the European Union (CJEU) judgements that relate to the inferring or inadvertent collection of special category data, and what can be learned from these judgements
    - How you may be processing special category data unknowingly, and the steps you can take to avoid noncompliance

    Learn more about this topic: https://www.urmconsulting.com/blog/are-you-processing-special-category-personal-data-without-knowing-it

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

    Brought to you by URM, the UK’s leading information and cyber security specialists.  

  • In this episode of InfoSec Insider, Alastair Stewart, Senior Consultant and Qualified Security Assessor (QSA) at URM, explores the ways in which artificial intelligence (AI) tools and systems can be leveraged for compliance with the Payment Card Industry Data Security Standard (PCI DSS). Alastair draws upon over a decade of experience with the PCI DSS to discuss:

    - PCI DSS basics – what the PCI DSS is, which organisations need to comply, and how compliance with the Standard is assessed
    - How AI can help secure cardholder data – the use cases for AI within the PCI DSS and the areas of PCI DSS compliance that AI can enhance
    - How AI can assist with your PCI DSS assessment – the ways in which AI can and cannot be used to enhance and streamline evidence collection and assessments
    - The future of the PCI DSS in relation to AI

    Learn more about this topic: https://www.urmconsulting.com/blog/the-impact-of-ai-on-pci-dss-compliance

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   

    Brought to you by URM, the UK’s leading information and cyber security specialists.    

  • In this episode of InfoSec Insider, Frazer Grudgings, Senior Consultant at URM, shares his top 10 tips on how to embed key cyber security practices and maintain the security of your organisation’s information assets whilst working remotely, whether that be from home or another location. Frazer draws upon 15+ years in the information security field to explain the importance of and how to implement the following best practices:

    - Keeping assets out of sight
    - Using strong passwords on company devices and accounts
    - Ensuring your device is fully patched
    - Maintaining the security of your home Wi-Fi connection and router
    - Setting up a separate virtual network (where necessary)
    - And many more!

    Learn more about this topic: https://www.urmconsulting.com/blog/10-top-tips-for-maintaining-information-and-cyber-security-when-homeworking

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

    Brought to you by URM, the UK’s leading information and cyber security specialists.  

  • In this episode of InfoSec Insider, Chris Heighes, Senior Consultant at URM, breaks down the System and Organization Controls 2 (SOC 2), an information security framework aimed at providing assurance to a service provider’s clients that their data is stored and processed in a secure manner. Chris leverages his 15+ years of experience in the information security space to discuss:

    - Which organisations should be considering a SOC 2 audit
    - What a SOC 2 audit involves
    - The benefits of having a SOC 2 report
    - The challenges an organisation may face when preparing for their first SOC 2 audit

    Learn more about this topic: https://www.urmconsulting.com/blog/soc-2-explained

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   

    Brought to you by URM, the UK’s leading information and cyber security specialists.   

  • In this episode of InfoSec Insider, Alastair Stewart, Senior Consultant and Qualified Security Assessor (QSA) at URM, provides key advice and guidance on the steps organisations can take to streamline and reduce their Payment Card Industry Data Security Standard (PCI DSS) scope. Alastair leverages more than a decade of experience with the PCI DSS to discuss:

    - What the PCI DSS defines as ‘in scope’, what system components are and how you can assess the scope of individual systems
    - The benefits of reducing your scope
    - How you can go about reducing your scope, with a comprehensive breakdown of the different scope reduction methods available to you, including segmentation, encryption, outsourcing, and more

    Learn more about this topic: https://www.urmconsulting.com/blog/5-ways-to-reduce-your-pci-dss-scope

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   

    Brought to you by URM, the UK’s leading information and cyber security specialists.     

  • In this episode of InfoSec Insider – Talk Cyber, Stuart Skelly, Senior Consultant at URM, explains a recently announced consultation by the UK government into proposals by the Home Office, which would increase its control and visibility of ransomware attacks on organisations operating in the UK. Stuart leverages his extensive legal background and experience as a governance, risk and compliance consultant to discuss:

    - What is meant by ransomware and a ransomware cyber attack
    - The Home Office’s proposals – what they are and which organisations they would affect if they come into force
    - The complications and challenges these proposals could create
    - How interested organisations can send a response to the Home Office

    If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   

    Brought to you by URM, the UK’s leading information and cyber security specialists.    

  • In this episode of InfoSec Insider, Frazer Grudgings, Senior Consultant at URM, offers key insights on ISO 27001’s supplementary guidance standard, ISO 27002, which provides guidance on implementation of the ISO 27001 Annex A controls. Frazer leverages his 15+ years of experience to discuss:

    - What ISO 27002 is
    - The ‘attributes’ framework in ISO 27002 and the purpose of this framework
    - The different ways ISO 27002 can be used

    Learn more about this topic: https://www.urmconsulting.com/blog/iso-27002-the-unsung-hero

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

    Brought to you by URM, the UK’s leading information and cyber security specialists.  

  • In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, explains the importance of data protection for building and maintaining customer trust, and offers key advice on how to ensure that your data processing practices will help facilitate strong relationships with your customer base. Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:

    - Why customers are now more likely to care about how businesses take care of their data
    - How to embed transparency and privacy into your organisation’s processing
    - The importance of making customers feel that they have some control over how their personal data is processed
    - The types of personal data customers value the most and the least, and the usages of their personal data (e.g., data resale, targeted marketing, etc.) that they do and do not trust

    Learn more about this topic: https://www.urmconsulting.com/blog/how-to-build-customer-trust-and-loyalty-through-data-protection-best-practice

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 

    You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts 

    Brought to you by URM, the UK’s leading information and cyber security specialists.  

  • In this episode of InfoSec Insider, Frazer Grudgings, Senior Consultant at URM, offers key advice and guidance on creating an information security policy that meets the requirements of ISO 27001, the International Standard for Information Security Management Systems (ISMS). Frazer leverages his 15+ years of experience supporting organisations to certify against ISO 27001 to discuss:

    - What an information security policy is in the context of ISO 27001
    - How to develop an information security policy and what it should include in order to be conformant to the Standard
    - The purpose of an information security policy

    Learn more about this topic: https://www.urmconsulting.com/blog/developing-an-iso-27001-information-security-policy

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

    Brought to you by URM, the UK’s leading information and cyber security specialists.  

  • In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Consultant at URM, provides a breakdown and analysis of how the Information Commissioner’s Office (ICO) has enforced UK data protection (DP) regulations in 2024, and how this compares to the action taken by the regulator in previous years. Stuart leverages his 25+ years of specialisation in data protection law to discuss:

    - The types of enforcement action available to the ICO (i.e., reprimands, enforcement notices and fines) and how they differ
    - How the regulator has enforced the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR) in 2024, in terms of:
      - Its approach to fining public vs. private sector organisations, with examples of notable public sector fines imposed this year
      - The differences in its approach to enforcing the GDPR vs. the PECR
      - How the regulator’s enforcement activities compare to the action taken in 2023
      - The sums of money involved in ICO fines, i.e., the average figure imposed by the ICO in 2024 and how much the ICO brought in for the Treasury this year
    - How the ICO’s approach to enforcing DP law compares to that of other, European DP regulators
    - Emerging trends and upcoming changes, such as the ICO’s crackdown on cookies compliance

    Learn more about this topic:  https://www.urmconsulting.com/blog/analysis-of-fines-imposed-by-the-information-commissioners-office-in-2024

    If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   

    Brought to you by URM, the UK’s leading information and cyber security specialists.    

  • In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, takes a deep dive into the unique cyber security challenges faced by small and medium-sized enterprises (SMEs), and the steps these organisations can take to improve their cyber security postures. George leverages his extensive experience assisting organisations to enhance their cyber security to discuss:

    - The current state of the cyber security landscape for SMEs and how this differs from that of their larger counterparts
    - The issues SMEs are currently facing in addressing and enhancing their cyber security postures
    - How SMEs can improve their cyber security

    Learn more about this topic: https://www.urmconsulting.com/blog/cyber-essentials-improving-your-cyber-security-as-an-sme

    If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider  

    You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts  

    Brought to you by URM, the UK’s leading information and cyber security specialists.