InfoSec Insider
The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.
Certificate in Information Security Management Principles (CISMP) Training Course Explained
In this episode of InfoSec Insider, Wayne Armstrong, Senior Information Security Consultant at URM, discusses the Certificate in Information Security Management Principles (CISMP), a BCS-managed, foundation-level information security qualification. Drawing upon his 30+ years’ experience in IT, information security and risk management, Wayne discusses:
- What the CISMP is
- What is covered in the CISMP curriculum
- Who the CISMP is for and the benefits they could reap from sitting a CISMP course/exam.
GDPR Back to Basics
In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, takes us ‘back to basics’ with the General Data Protection Regulation (GDPR), breaking down the key data protection concepts and terminology you will need to understand if you want to achieve and maintain compliance with the GDPR.
Comparison of ISO 9001 and ISO 27001
Sue West offers helpful advice and guidance on how to integrate multiple management systems which are conformant to/certified against ISO standards, with a particular focus on integrating an ISO 9001 quality management system (QMS) and an ISO 27001 information security management system (ISMS).
Talk BC
Talk BC is the InfoSec Insider podcast’s business continuity series, where our senior business continuity consultants offer key advice on ensuring your organisation is well-equipped to respond to disruption. Our experts share the knowledge they have gained from years of experience working with organisations to develop and exercise effective business continuity plans, and to conform/certify to ISO 22301 (the International Standard for Business Continuity Management Systems).
Talk Cyber
Talk Cyber is the InfoSec Insider podcast’s cyber security series, in which our cyber security experts bring you the latest guidance on preparing for and safeguarding against cyber attacks. Drawing upon their experience providing penetration testing, facilitating and supporting Cyber Essentials and Cyber Essentials Plus assessments, and helping to develop and exercise cyber incident response plans, our Cyber Team offers you cutting-edge advice on keeping your organisation protected.
Talk DP
Talk DP is the InfoSec Insider podcast’s data protection series, featuring detailed guidance and insightful discussion from URM’s senior data protection practitioners. Our experts leverage their extensive experience working to help organisations meet their compliance obligations in order to offer pragmatic, valuable advice on how to meet GDPR requirements, leverage new technologies while remaining compliant with data protection legislation, and more.
Contact the InfoSec Experts Today
Having assisted over 400 organisations to implement an ISMS and then achieve ISO 27001 certification since the Standard was first published in 2005, we at URM are the ideal partners to help you certify. With our fully-tailored approach, our specialists can support you through each stage of the ISO 27001 management system lifecycle, offering guidance specific to your organisation’s unique requirements.
Get in touch with our information security experts today to find out more.
InfoSec Solutions & Products
One of the key requirements of ISO 27001 is the need for a robust risk assessment process which can produce repeatable and comparable results. With its proven, best practice methodology, URM’s information security risk management software, Abriska 27001, enables you to meet this requirement. We can also assist you to raise and maintain awareness among your staff with our expertly designed and engaging learning management system (LMS), Alurna.
InfoSec Training Courses
Our information security and risk management training courses can help you learn how to effectively manage information security. Our Certificate in Information Security Management Principles (CISMP) and Practitioner Certificate in Information Risk Management (PCIRM) training courses will prepare you to take the BCS (Chartered Institute for IT) administered exams, enabling you to gain industry-recognised qualifications.
Webinars & Events
URM has gained a reputation as the preeminent UK provider of live webinars, aimed at delivering valuable and practical insights to organisations looking to improve their information security, risk management, data protection and more. The webinars are delivered by our senior consultants, who share hints and tips on topics such as certifying to ISO 27001 and Cyber Essentials, and complying with the GDPR. All of our webinars are completely free to attend, and include an opportunity to ask questions at the end.
In this webinar, URM’s consultants guide you through all the key aspects of SOC 2 including pitfalls to avoid and the success criteria.
URM presents and discusses 5 key steps you can take to improve your supplier information security risk management.
Webinar aimed at those organisations which are looking to implement ISO 27001 and certify to the 2022 version of the Standard.
Information Security FAQs
What are 4 types of information security?
If we look to guidance from Annex A of ISO 27001, then the answer is organisational, people, physical and technological. The International Standard groups information security controls into these 4 categories. The ‘organisational’ category covers the creation of policies, the definition of roles and responsibilities, and day-to-day business activities. The ‘people’ category ensures that the most appropriate staff are employed, and that they understand what is expected of them in relation to the business’ approach to infosec. ‘Physical’ controls relate to the security of business premises, clear desk policies etc., whilst ‘technological’ controls relate to measures that organisations may adopt to help secure information through the use of technology, such as capacity management, configuration management, change management, network security, firewalls, cryptography etc.
What are the 3 principles of information security?
The three aspects that information security (infosec) seeks to protect are ‘confidentiality’, ‘integrity’ and ‘availability’. Confidentiality ensures that information is not made available or disclosed to unauthorised entities. Integrity protects the accuracy and completeness of assets, whilst Availability ensures that information is accessible and usable on demand by authorised individuals.
What are information security examples?
Examples of information security include encryption, firewalls, antivirus software, multi-factor authentication (MFA), vetting of individuals, controlling access to premises / information and providing staff awareness training.
What are 5 information security policies?
Policies provide direction on your organisation’s approach to different aspects of information security management. Policies may relate to the classification of data, password management, acceptable use of assets, authentication procedures and incident response. These are five examples, but your organisation may choose to formulate a policy relating to any aspect of information security (infosec) management.
Common Questions When Managing Supplier Information Security Risks
URM’s blog answers key questions on supplier risk management, with a particular focus on the aspects to consider once a supplier has been selected.
URM’s blog provides a stage-by-stage breakdown of the key steps you will need to take to conduct effective supplier information security risk management.
URM’s blog offers advice and guidance on how to implement and maintain an ISO 9001-aligned QMS and receive the maximum benefit from your investment.
URM’s blog discusses everything you need to know about the CISMP, including its benefits, who it’s suited to, the topics the CISMP covers, and more.