At least once a week, we sit down with an expert from within the Group to get their insights on a technical topic or business area.
Here are all our Q&As to date, grouped by broad topic:
To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight.
AI
Mark James on AI and data protection
11 April 2024
Privacy consultant Mark talks about the data protection risks of AI, the GDPR’s (General Data Protection Regulation) restrictions around automated decision-making, legal bases for processing personal data via AI systems, and how to address the risks from that type of processing in this interview.
23 February 2024
What is voice cloning, what are the associated risks, and what can organisations do to protect themselves? Privacy consultant Mark answers all these questions and more in this interview.
Cyber attacks and data breaches
Leon Teale on the mother of all breaches
24 January 2024
Senior penetration tester Leon talks us through the implications of a historic 26-billion-records leak. Learn why even old credentials can cause a lot of damage, and how you can protect yourself in this interview.
Cyber Essentials
Ashley Brett on Cyber Essentials solutions
21 February 2024
Cyber security advisor and product evangelist Ashley provides a simple overview of the Cyber Essentials scheme. He also talks us through various Cyber Essentials solutions to help you choose the right one in this interview.
Cyber resilience
Alan Calder on cyber resilience
24 November 2023
Group CEO Alan gives us a quick overview of his award-winning book: Cyber Resilience – Defence-in-depth principles. He also explains why defence in depth is so important in this interview.
Cyber security
Adam Seamons on zero-trust architecture
5 January 2024
Information security manager Adam gives us a short history lesson about how networks have evolved, and the security consequences of that evolution. In particular, he highlights the risks of Cloud infrastructure and the merits of zero-trust architecture in this interview.
Vanessa Horton on ransomware trends
20 November 2023
Cyber incident responder Vanessa shares recent ransomware trends, why they’re worrying, and what organisations can do about them in this interview.
Leon Teale on secure remote working and VPNs
23 October 2023
Senior penetration tester Leon gives us his top 10 tips for secure remote working. He also talks us through different VPN (virtual private network) technologies in this interview.
Data privacy
11 April 2024
DPO (data protection officer) consultant Ola talks us through biometric data – what is it, and how do the GDPR’s principles and requirements apply to it? She also explains the importance of DPIAs (data protection impact assessments) and data protection by design in this interview.
22 March 2024
Privacy consultant Mark explains what data seeding is, why it’s such an unintrusive measure, and when and how to use it in this interview.
Louise Brooks on staff monitoring
4 March 2024
How much and what type(s) of staff monitoring is too much? How can organisations monitor staff while remaining compliant with privacy laws? Head of consultancy at DQM GRC Louise gives us the answers in this interview.
Alan Calder on maintaining GDPR compliance
16 February 2024
Group CEO Alan takes us through what data privacy and GDPR compliance trends he foresees in 2024. He also gives us his 5 top tips for remaining compliant in this interview.
Andrew Snow on a landmark GDPR ruling
12 January 2024
The ECJ (European Court of Justice) issued a landmark GDPR ruling in December 2023. Data privacy and cyber security trainer Andrew takes us through the details, and explains why this ruling is so important in this interview.
Andrew Snow on the UK–US data bridge
6 November 2023
The UK and US received an adequacy decision enforced in October 2023. Data privacy and cyber security trainer Andrew talks us through the practical implications, how organisations can take advantage, and alternative mechanisms for UK–US data transfers in this interview.
DORA
Andrew Pattison on simplifying DORA compliance with ISO 27001
26 January 2024
ISO 27001 can be used to simplify compliance with DORA (Digital Operational Resilience Act). Head of GRC (governance, risk and compliance) consultancy at IT Governance Europe Andrew explains how in this interview.
Cliff Martin on streamlining DORA compliance
18 December 2023
DORA’s requirements aren’t too dissimilar to that of other legislation and standards. Head of cyber incident response Cliff explains how to streamline DORA compliance in this interview.
Alan Calder on DORA supply chain security
11 December 2023
Group CEO Alan explains why supply chain security – a key DORA pillar – is so important, and how organisations can secure their supply chain in this interview.
Cliff Martin on DORA incident response
28 November 2023
Head of cyber incident response Cliff takes us through DORA’s incident response requirements – another pillar of the Regulation – in this interview.
Andrew Pattison on DORA risk management
13 November 2023
Head of GRC consultancy at IT Governance Europe Andrew explains the most important DORA pillar: ICT risk management. He talks us through the Regulation’s requirements and how organisations can meet them in this interview.
Incident response
Cliff Martin on cyber incident response
14 March 2024
Head of cyber incident response Cliff gives us a complete overview of cyber incident response, covering prevention, detection, response, cyber incident response plans, staff training, internal expertise vs outsourcing, incident responder skills, the different stages in a typical response process, and much more in this interview.
Vanessa Horton on anti-forensics
2 February 2024
Criminals use anti-forensics techniques to try to remain undetected and/or mask their actions. Cyber incident responder Vanessa explains further, and provides examples of anti-forensics techniques as well as advice for how organisations can protect themselves, in this interview.
ISO 27001
Alan Calder on transitioning to ISO 27001:2022
10 April 2024
Group CEO Alan explains why ISO 27001 and ISO 27002 were updated in 2022. He also talks us through key changes and transition dates, and how to approach your transition project in this interview.
Alan Calder on ISO 27001 and defence in depth
20 March 2024
Group CEO Alan explains how ISO 27001 and defence in depth intersect, and the importance of each. He also talks us through the ISO 27000 family of standards, and how ISO 27001 can help organisations meet their regulatory requirements in this interview.
Alan Calder on the ISO 27001:2022 addendum and ISO 27006 update
15 March 2024
ISO 27006 was recently updated. An ISO 27001:2022 addendum was also recently released. Group CEO Alan gives us the highlights of both updates, as well as an overview of the business benefits and regulatory value of ISO 27001, in this interview.
Andrew Pattison on pragmatic ISO 27001 risk assessments
8 March 2024
ISO 27001 fundamentally takes a risk-based approach. Head of GRC consultancy at IT Governance Europe Andrew gives us his tips on how to keep your risk assessments simple and manageable in this interview.
Alan Calder and a quick overview of ISO 27001
6 March 2024
Group CEO and ISO 27001 pioneer Alan gives us a quick overview of the business benefits of ISO 27001. He also talks us through how the Standard can aid regulatory compliance, and offers tips on risk assessment and continual improvement in this interview.
PCI DSS
Stephen Hancock on PCI DSS SAQ SPoC
30 October 2023
QSA (Qualified Security Assessor) consultant Stephen gives us an overview of the latest PCI DSS SAQ (Payment Card Industry Data Security Standard self-assessment questionnaire): SAQ SPoC (software-based PIN entry on COTS). He explains which organisations qualify and how SPoC solutions work in this interview.
PECR
Louise Brooks on cookie compliance
19 January 2024
Head of consultancy at DQM GRC Louise shares how organisations can improve their cookie banners without hampering their business objectives, and common mistakes around obtaining valid consent, in this interview.
Louise Brooks on the ICO’s ultimatum on cookies
4 December 2023
The ICO (Information Commissioner’s Office) gave the UK’s top websites an ultimatum: get your cookies compliant, or risk enforcement action. Head of consultancy at DQM GRC Louise gives her insights into this ICO statement and ICO enforcement more generally, and advice on how organisations can best meet their cookie requirements, in this interview.
Security testing
9 February 2024
The CVSS (Common Vulnerability Scoring System) is now at v4.0. Senior penetration tester Leon explains what the CVSS is, how it works, when to use it, its limitations, and the key changes introduced in CVSS v4.0 in this interview.
Supply chains
Andrew Pattison on simplifying supply chain risk management
5 April 2024
Head of GRC consultancy at IT Governance Europe Andrew explains the importance of keeping risk assessments and supply chain risk management simple, and how DORA might change how organisations manage risk. He also talks us through considerations around risk when outsourcing, e.g. to a Cloud provider, in this interview.
Training
4 April 2024
Cyber security specialist and instructor Soji gives us a complete overview of CISM (Certified Information Security Manager), talking us through its topics, intended audience, career opportunities, alternatives, and more in this interview.
Damian Garcia on ransomware elearning
7 February 2024
Head of GRC consultancy at IT Governance Damian recently updated our Ransomware Staff Awareness E-learning Course. He explains why this course is so important, the key topics covered, its top take-aways, and more in this interview.
Miscellaneous
22 March 2024
Softcover, PDF eBook or ePub? Publications manager Nicola explains the difference between each to help you choose the right written book format for you in this interview.
Sophie Sayer on the IT Governance partner programme
14 February 2024
Head of channel Sophie talks us through the IT Governance partner programme, and the benefits of partnering with us, in this interview.
Andreas Chrysostomou on audiobooks
10 January 2024
Publishing relations manager Andreas explains the audiobook format – including its pros and cons, how audiobooks are developed, and more – in this interview.
Sam McNicholls-Novoa on CyberComply
20 December 2023
CyberComply is a Cloud-based, end-to-end solution that simplifies compliance with a range of cyber security and data privacy standards and laws. Product marketing manager Sam talks us through some of the software’s benefits and features in this interview.
Get the latest expert insights straight to your inbox
If you like our weekly interviews, you’ll love our free weekly newsletter, the Security Spotlight.
Every Wednesday, you’ll get a 4-minute email with:
The post Free Expert Insights: Index of Interviews appeared first on IT Governance UK Blog.
