At least once a week, we sit down with an expert from within the Group to get their insights on a technical topic or business area.
Here are all our Q&As to date, grouped by broad topic:
To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight.
AI
Mark James on AI and data protection
11 April 2024
Privacy consultant Mark talks about the data protection risks of AI, the GDPR’s (General Data Protection Regulation) restrictions around automated decision-making, legal bases for processing personal data via AI systems, and how to address the risks from that type of processing in this interview.
23 February 2024
What is voice cloning, what are the associated risks, and what can organisations do to protect themselves? Privacy consultant Mark answers all these questions and more in this interview.
Cyber attacks and data breaches
Leon Teale on the mother of all breaches
24 January 2024
Senior penetration tester Leon talks us through the implications of a historic 26-billion-record leak. Learn why even old credentials can cause a lot of damage, and how you can protect yourself, in this interview.
Cyber Essentials
Ashley Brett on Cyber Essentials solutions
21 February 2024
Cyber security advisor and product evangelist Ashley provides a simple overview of the Cyber Essentials scheme. He also talks us through various Cyber Essentials solutions to help you choose the right one in this interview.
Cyber resilience
Alan Calder on cyber resilience
24 November 2023
Group CEO Alan gives us a quick overview of his award-winning book: Cyber Resilience – Defence-in-depth principles. He also explains why defence in depth is so important in this interview.
Cyber security
Adam Seamons on zero-trust architecture
5 January 2024
Information security manager Adam gives us a short history lesson about how networks have evolved, and the security consequences of that evolution. In particular, he highlights the risks of Cloud infrastructure and the merits of zero-trust architecture in this interview.
Vanessa Horton on ransomware trends
20 November 2023
Cyber incident responder Vanessa shares recent ransomware trends, why they’re worrying, and what organisations can do about them in this interview.
Leon Teale on secure remote working and VPNs
23 October 2023
Senior penetration tester Leon gives us his top 10 tips for secure remote working. He also talks us through different VPN (virtual private network) technologies in this interview.
Data privacy
11 April 2024
DPO (data protection officer) consultant Ola talks us through biometric data – what is it, and how do the GDPR’s principles and requirements apply to it? She also explains the importance of DPIAs (data protection impact assessments) and data protection by design in this interview.
22 March 2024
Privacy consultant Mark explains what data seeding is, why it’s such an unintrusive measure, and when and how to use it in this interview.
Louise Brooks on staff monitoring
4 March 2024
How much and what type(s) of staff monitoring is too much? How can organisations monitor staff while remaining compliant with privacy laws? Head of consultancy at DQM GRC Louise gives us the answers in this interview.
Alan Calder on maintaining GDPR compliance
16 February 2024
Group CEO Alan takes us through the data privacy and GDPR compliance trends he foresees in 2024. He also gives us his top 5 tips for remaining compliant in this interview.
Andrew Snow on a landmark GDPR ruling
12 January 2024
The ECJ (European Court of Justice) issued a landmark GDPR ruling in December 2023. Data privacy and cyber security trainer Andrew takes us through the details, and explains why this ruling is so important in this interview.
Andrew Snow on the UK–US data bridge
6 November 2023
The UK–US data bridge – the UK’s adequacy decision for the US – came into force in October 2023. Data privacy and cyber security trainer Andrew talks us through the practical implications, how organisations can take advantage of it, and alternative mechanisms for UK–US data transfers in this interview.
DORA
Andrew Pattison on simplifying DORA compliance with ISO 27001
26 January 2024
ISO 27001 can be used to simplify compliance with DORA (Digital Operational Resilience Act). Head of GRC (governance, risk and compliance) consultancy at IT Governance Europe Andrew explains how in this interview.
Cliff Martin on streamlining DORA compliance
18 December 2023
DORA’s requirements aren’t too dissimilar to those of other legislation and standards. Head of cyber incident response Cliff explains how to streamline DORA compliance in this interview.
Alan Calder on DORA supply chain security
11 December 2023
Group CEO Alan explains why supply chain security – a key DORA pillar – is so important, and how organisations can secure their supply chain in this interview.
Cliff Martin on DORA incident response
28 November 2023
Head of cyber incident response Cliff takes us through DORA’s incident response requirements – another pillar of the Regulation – in this interview.
Andrew Pattison on DORA risk management
13 November 2023
Head of GRC consultancy at IT Governance Europe Andrew explains the most important DORA pillar: ICT risk management. He talks us through the Regulation’s requirements and how organisations can meet them in this interview.
Incident response
Cliff Martin on cyber incident response
14 March 2024
Head of cyber incident response Cliff gives us a complete overview of cyber incident response, covering prevention, detection, response, cyber incident response plans, staff training, internal expertise vs outsourcing, incident responder skills, the different stages in a typical response process, and much more in this interview.
Vanessa Horton on anti-forensics
2 February 2024
Criminals use anti-forensics techniques to try to remain undetected and/or mask their actions. Cyber incident responder Vanessa explains further, and provides examples of anti-forensics techniques as well as advice for how organisations can protect themselves, in this interview.
ISO 27001
Alan Calder on transitioning to ISO 27001:2022
10 April 2024
Group CEO Alan explains why ISO 27001 and ISO 27002 were updated in 2022. He also talks us through key changes and transition dates, and how to approach your transition project in this interview.
Alan Calder on ISO 27001 and defence in depth
20 March 2024
Group CEO Alan explains how ISO 27001 and defence in depth intersect, and the importance of each. He also talks us through the ISO 27000 family of standards, and how ISO 27001 can help organisations meet their regulatory requirements in this interview.
Alan Calder on the ISO 27001:2022 addendum and ISO 27006 update
15 March 2024
ISO 27006 was recently updated. An ISO 27001:2022 addendum was also recently released. Group CEO Alan gives us the highlights of both updates, as well as an overview of the business benefits and regulatory value of ISO 27001, in this interview.
Andrew Pattison on pragmatic ISO 27001 risk assessments
8 March 2024
ISO 27001 fundamentally takes a risk-based approach. Head of GRC consultancy at IT Governance Europe Andrew gives us his tips on how to keep your risk assessments simple and manageable in this interview.
Alan Calder and a quick overview of ISO 27001
6 March 2024
Group CEO and ISO 27001 pioneer Alan gives us a quick overview of the business benefits of ISO 27001. He also talks us through how the Standard can aid regulatory compliance, and offers tips on risk assessment and continual improvement in this interview.
PCI DSS
Stephen Hancock on PCI DSS SAQ SPoC
30 October 2023
QSA (Qualified Security Assessor) consultant Stephen gives us an overview of the latest PCI DSS SAQ (Payment Card Industry Data Security Standard self-assessment questionnaire): SAQ SPoC (software-based PIN entry on COTS). He explains which organisations qualify and how SPoC solutions work in this interview.
PECR
Louise Brooks on cookie compliance
19 January 2024
Head of consultancy at DQM GRC Louise shares how organisations can improve their cookie banners without hampering their business objectives, and common mistakes around obtaining valid consent, in this interview.
Louise Brooks on the ICO’s ultimatum on cookies
4 December 2023
The ICO (Information Commissioner’s Office) gave the UK’s top websites an ultimatum: get your cookies compliant, or risk enforcement action. Head of consultancy at DQM GRC Louise gives her insights into this ICO statement and ICO enforcement more generally, and advice on how organisations can best meet their cookie requirements, in this interview.
Security testing
9 February 2024
The CVSS (Common Vulnerability Scoring System) is now at v4.0. Senior penetration tester Leon explains what the CVSS is, how it works, when to use it, its limitations, and the key changes introduced in CVSS v4.0 in this interview.
Supply chains
Andrew Pattison on simplifying supply chain risk management
5 April 2024
Head of GRC consultancy at IT Governance Europe Andrew explains the importance of keeping risk assessments and supply chain risk management simple, and how DORA might change how organisations manage risk. He also talks us through considerations around risk when outsourcing, e.g. to a Cloud provider, in this interview.
Training
4 April 2024
Cyber security specialist and instructor Soji gives us a complete overview of CISM (Certified Information Security Manager), talking us through its topics, intended audience, career opportunities, alternatives, and more in this interview.
Damian Garcia on ransomware elearning
7 February 2024
Head of GRC consultancy at IT Governance Damian recently updated our Ransomware Staff Awareness E-learning Course. He explains why this course is so important, the key topics covered, its top take-aways, and more in this interview.
Miscellaneous
22 March 2024
Softcover, PDF eBook or ePub? Publications manager Nicola explains the difference between each to help you choose the right written book format for you in this interview.
Sophie Sayer on the IT Governance partner programme
14 February 2024
Head of channel Sophie talks us through the IT Governance partner programme, and the benefits of partnering with us, in this interview.
Andreas Chrysostomou on audiobooks
10 January 2024
Publishing relations manager Andreas explains the audiobook format – including its pros and cons, how audiobooks are developed, and more – in this interview.
Sam McNicholls-Novoa on CyberComply
20 December 2023
CyberComply is a Cloud-based, end-to-end solution that simplifies compliance with a range of cyber security and data privacy standards and laws. Product marketing manager Sam talks us through some of the software’s benefits and features in this interview.
Get the latest expert insights straight to your inbox
If you like our weekly interviews, you’ll love our free weekly newsletter, the Security Spotlight.
Every Wednesday, you’ll get a 4-minute email with:
The post Free Expert Insights: Index of Interviews appeared first on IT Governance UK Blog.