Free Expert Insights: Index of Interviews

At least once a week, we sit down with an expert from within GRC International to get their insights on a technical topic or business area.

Here are all our Q&As to date, grouped by broad topic:

To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight.

Last updated: 7 June 2024. Interviews added: Vanessa Horton on ransomware trends (cyber security); Leon Teale on secure remote working (cyber security); and Louise Brooks on the GDPR’s lawful bases and data subject rights (data privacy).  

AI

Camden Woollven on privacy and ethical concerns around AI

22 May 2024

Head of AI Camden talks us through the ethical principles for guiding AI development, how those principles relate to data privacy, high-risk domains (such as healthcare), and why AI ethics requires a team effort in this interview.

Mark James on AI and data protection 

11 April 2024

Privacy consultant Mark talks about the data protection risks of AI, the GDPR’s (General Data Protection Regulation) restrictions around automated decision-making, legal bases for processing personal data via AI systems, and how to address the risks from that type of processing in this interview.

Mark James on voice cloning

23 February 2024

What is voice cloning, what are the associated risks, and what can organisations do to protect themselves? Privacy consultant Mark answers all these questions and more in this interview.

Cyber attacks and data breaches

Leon Teale on the mother of all breaches

24 January 2024

Senior penetration tester Leon talks us through the implications of a historic 26-billion-records leak. Learn why even old credentials can cause a lot of damage, and how you can protect yourself in this interview.

Cyber Essentials

Ashley Brett on Cyber Essentials and ISO 27001

10 May 2024

Cyber security advisor and product evangelist Ashley talks us through some common Cyber Essentials misconceptions, key differences between Cyber Essentials and ISO 27001, the benefits of each, and things to consider if you’re implementing both in this interview.

Ashley Brett on Cyber Essentials solutions

21 February 2024

Cyber security advisor and product evangelist Ashley provides a simple overview of the Cyber Essentials scheme. He also talks us through various Cyber Essentials solutions to help you choose the right one in this interview.

Cyber resilience

Adam Seamons on cyber defence in depth

19 April 2024

What is defence in depth, why is it important and how does it work? Information security manager Adam answers all these questions and more, giving practical, expert insight into defending against malware in multiple layers, with details on the purpose of each, in this interview.

Alan Calder on cyber resilience

24 November 2023

Group CEO Alan gives us a quick overview of his award-winning book: Cyber Resilience – Defence-in-depth principles. He also explains why defence in depth is so important in this interview.

Cyber security

Vanessa Horton on ransomware trends

7 June 2024

Cyber incident responder Vanessa shares ransomware trends, why they’re worrying, and what organisations can do about them. She also explains how to decide whether to pay the ransom, what to do if you suffer an exfiltration attack to mitigate the damage, and how to prevent future attacks in this interview.

Leon Teale on secure remote working

31 May 2024

Senior penetration tester Leon shares how to secure remote infrastructure; the risks of working in public areas and using public Wi-Fi, and how to remain secure; the pros and cons of different VPN (virtual private network) technologies; and his top 10 tips for secure remote working at home and in public in this interview.

Leon Teale on zero-day exploits

24 April 2024

What are zero-day exploits and who is most at risk? How can we detect zero-day vulnerabilities and attacks, and protect ourselves from them? Plus, how much of an outlier was the MOVEit Transfer breach? We put all these questions and more to senior penetration tester Leon in this interview.

Adam Seamons on zero-trust architecture

5 January 2024

Information security manager Adam gives us a short history lesson about how networks have evolved, and the security consequences of that evolution. In particular, he highlights the risks of Cloud infrastructure and the merits of zero-trust architecture in this interview.

Vanessa Horton on ransomware trends

20 November 2023

Cyber incident responder Vanessa shares recent ransomware trends, why they’re worrying, and what organisations can do about them in this interview.

Leon Teale on secure remote working and VPNs

23 October 2023

Senior penetration tester Leon gives us his top 10 tips for secure remote working. He also talks us through different VPN (virtual private network) technologies in this interview.

Data privacy

Louise Brooks on the GDPR’s lawful bases and data subject rights

3 June 2024 

What are the 6 lawful bases for processing under the GDPR, why should consent be a last resort, what are the conditions for consent, and how can you document it? What about the 8 data subject rights under the GDPR – what are they, and how can organisations accommodate them? Head of consultancy at DQM GRC Louise talks us through the above in this interview.

Kirsten Craig on the APRA 

17 May 2024 

In the US, expectations are – cautiously – rising that we could see a landmark single federal privacy standard enacted into law: the APRA (American Privacy Rights Act). Data privacy lawyer Kirsten takes us through what it is, its requirements, its interplay with state-specific laws, its scope, and the next steps in this interview.  

Ryan Peeney on records of processing activities

9 May 2024

Records of processing activities, also known as ‘ROPAs’, are an explicit legal requirement in Article 30 of both the UK and EU GDPR. But what exactly are they? Why are they important, and what are their benefits? And how can you create and maintain them? We put all these questions and more to DPO (data protection officer) consultant Ryan in this interview.

Louise Brooks on practical GDPR compliance

25 April 2024

Numerous misunderstandings surround complying with the GDPR. As a principles- and risk-based law, there aren’t prescribed dos and don’ts – the Regulation simply provides a framework for compliance. Furthermore, compliance can be a business enabler, not a ‘necessary evil’. Head of consultancy at DQM GRC Louise explains further in this interview.

Ola Irukwu on biometric data

11 April 2024

DPO consultant Ola talks us through biometric data – what is it, and how do the GDPR’s principles and requirements apply to it? She also explains the importance of DPIAs (data protection impact assessments) and data protection by design in this interview.

Mark James on data seeding

22 March 2024

Privacy consultant Mark explains what data seeding is, why it’s such an unintrusive measure, and when and how to use it in this interview.

Louise Brooks on staff monitoring

4 March 2024

How much and what type(s) of staff monitoring is too much? How can organisations monitor staff while remaining compliant with privacy laws? Head of consultancy at DQM GRC Louise gives us the answers in this interview.

Alan Calder on maintaining GDPR compliance

16 February 2024

Group CEO Alan takes us through what data privacy and GDPR compliance trends he foresees in 2024. He also gives us his 5 top tips for remaining compliant in this interview.

Andrew Snow on a landmark GDPR ruling

12 January 2024

The ECJ (European Court of Justice) issued a landmark GDPR ruling in December 2023. Data privacy and cyber security trainer Andrew takes us through the details, and explains why this ruling is so important in this interview.

Andrew Snow on the UK–US data bridge

6 November 2023

The UK and US received an adequacy decision enforced in October 2023. Data privacy and cyber security trainer Andrew talks us through the practical implications, how organisations can take advantage, and alternative mechanisms for UK–US data transfers in this interview.

DORA

Andrew Pattison on DORA, how it compares to NIS 2, and how it’ll be regulated

3 May 2024

What is DORA (Digital Operational Resilience Act)? How does it differ from – or overlap with – NIS 2 (Network and Information Security Systems Directive)? What are the DORA pillars? How will DORA be regulated? And will non-EU organisations have to comply with it? We put these questions to Andrew, head of GRC (governance, risk and compliance) consultancy at IT Governance Europe, in this interview.

Andrew Pattison on simplifying DORA compliance with ISO 27001

26 January 2024

ISO 27001 can be used to simplify compliance with DORA. Head of GRC consultancy at IT Governance Europe Andrew explains how in this interview.

Cliff Martin on streamlining DORA compliance

18 December 2023

DORA’s requirements aren’t too dissimilar to that of other legislation and standards. Head of cyber incident response Cliff explains how to streamline DORA compliance in this interview.

Alan Calder on DORA supply chain security

11 December 2023

Group CEO Alan explains why supply chain security – a key DORA pillar – is so important, and how organisations can secure their supply chain in this interview.

Cliff Martin on DORA incident response

28 November 2023

Head of cyber incident response Cliff takes us through DORA’s incident response requirements – another pillar of the Regulation – in this interview.

Andrew Pattison on DORA risk management

13 November 2023

Head of GRC consultancy at IT Governance Europe Andrew explains the most important DORA pillar: ICT risk management. He talks us through the Regulation’s requirements and how organisations can meet them in this interview.

Europrivacy

Alice Turley on the Europrivacy scheme and certification

26 April 2024

What is Europrivacy®, who can apply for certification, and what are the benefits? How do the scheme and certification work? And what must applicants consider when choosing a consulting company? Senior privacy and GRC consultant and trainer Alice answers all these questions in this interview.

Incident response

Vanessa Horton on cyber incident response 

24 May 2024 

Cyber incident responder Vanessa gives us a complete, practical overview of cyber incident response. She talks us through common misconceptions and errors, threat types, protection, detection, cyber incident response plans, training, digital forensics and the incident response process. She also covers real-life examples in this interview.

Vanessa Horton on anti-forensics

2 February 2024

Criminals use anti-forensics techniques to try to remain undetected and/or mask their actions. Cyber incident responder Vanessa explains further, and provides examples of anti-forensics techniques as well as advice for how organisations can protect themselves, in this interview.

ISO 27001

Matthew Peers on ISO 27001 and physical security 

15 May 2024 

When we hear ‘information security’ or ‘ISO 27001’, we usually think ‘cyber security’. However, physical security is also an important aspect of information security. In fact, in ISO 27001:2022, ‘physical’ is one of just four control themes. GRC consultant Matthew explains why, and talks us through physical access control, physical security monitoring, CCTV, and more in this interview.

Alan Calder on transitioning to ISO 27001:2022 

10 April 2024

Group CEO Alan explains why ISO 27001 and ISO 27002 were updated in 2022. He also talks us through key changes and transition dates, and how to approach your transition project in this interview.

Alan Calder on ISO 27001 and defence in depth

20 March 2024

Group CEO Alan explains how ISO 27001 and defence in depth intersect, and the importance of each. He also talks us through the ISO 27000 family of standards, and how ISO 27001 can help organisations meet their regulatory requirements in this interview.

Alan Calder on the ISO 27001:2022 addendum and ISO 27006 update

15 March 2024

ISO 27006 was recently updated. An ISO 27001:2022 addendum was also recently released. Group CEO Alan gives us the highlights of both updates, as well as an overview of the business benefits and regulatory value of ISO 27001, in this interview.

Andrew Pattison on pragmatic ISO 27001 risk assessments

8 March 2024

ISO 27001 fundamentally takes a risk-based approach. Head of GRC consultancy at IT Governance Europe Andrew gives us his tips on how to keep your risk assessments simple and manageable in this interview.

Alan Calder and a quick overview of ISO 27001

6 March 2024

Group CEO and ISO 27001 pioneer Alan gives us a quick overview of the business benefits of ISO 27001. He also talks us through how the Standard can aid regulatory compliance, and offers tips on risk assessment and continual improvement in this interview.

PCI DSS

Stephen Hancock on PCI DSS SAQ SPoC

30 October 2023

QSA (Qualified Security Assessor) consultant Stephen gives us an overview of the latest PCI DSS SAQ (Payment Card Industry Data Security Standard self-assessment questionnaire): SAQ SPoC (software-based PIN entry on COTS). He explains which organisations qualify and how SPoC solutions work in this interview.

PECR

Louise Brooks on cookie compliance

19 January 2024

Head of consultancy at DQM GRC Louise shares how organisations can improve their cookie banners without hampering their business objectives, and common mistakes around obtaining valid consent, in this interview.

Louise Brooks on the ICO’s ultimatum on cookies

4 December 2023

The ICO (Information Commissioner’s Office) gave the UK’s top websites an ultimatum: get your cookies compliant, or risk enforcement action. Head of consultancy at DQM GRC Louise gives her insights into this ICO statement and ICO enforcement more generally, and advice on how organisations can best meet their cookie requirements, in this interview.

Security testing

Leon Teale on the CVSS

9 February 2024

The CVSS (Common Vulnerability Scoring System) is now at v4.0. Senior penetration tester Leon explains what the CVSS is, how it works, when to use it, its limitations, and the key changes introduced in CVSS v4.0 in this interview.

Supply chains

Andrew Pattison on simplifying supply chain risk management

5 April 2024

Head of GRC consultancy at IT Governance Europe Andrew explains the importance of keeping risk assessments and supply chain risk management simple, and how DORA might change how organisations manage risk. He also talks us through considerations around risk when outsourcing, e.g. to a Cloud provider, in this interview.

Training

Soji Ogunjobi on CISM®

4 April 2024

Cyber security specialist and instructor Soji gives us a complete overview of CISM (Certified Information Security Manager), talking us through its topics, intended audience, career opportunities, alternatives, and more in this interview.

Damian Garcia on ransomware elearning

7 February 2024

Head of GRC consultancy at IT Governance Damian recently updated our Ransomware Staff Awareness E-learning Course. He explains why this course is so important, the key topics covered, its top take-aways, and more in this interview.

Miscellaneous

Nicola Day on book formats

22 March 2024

Softcover, PDF eBook or ePub? Publications manager Nicola explains the difference between each to help you choose the right written book format for you in this interview.

Sophie Sayer on the IT Governance partner programme

14 February 2024

Head of channel Sophie talks us through the IT Governance partner programme, and the benefits of partnering with us, in this interview.

Andreas Chrysostomou on audiobooks

10 January 2024

Publishing relations manager Andreas explains the audiobook format – including its pros and cons, how audiobooks are developed, and more – in this interview.

Sam McNicholls-Novoa on CyberComply

20 December 2023

CyberComply is a Cloud-based, end-to-end solution that simplifies compliance with a range of cyber security and data privacy standards and laws. Product marketing manager Sam talks us through some of the software’s benefits and features in this interview.

Get the latest expert insights straight to your inbox

If you like our weekly interviews, you’ll love our free weekly newsletter, the Security Spotlight.

Every Wednesday, you’ll get a 4-minute email with:

- Interviews with our experts, sharing their insights and expertise;
- Industry news, including the latest publicly disclosed data breaches and cyber attacks;
- Our latest research and statistics;
- Free useful resources; and
- Upcoming webinars.


The post Free Expert Insights: Index of Interviews appeared first on IT Governance UK Blog.