InfoSec Insider

URM Consulting

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.

  1. 25 giu

    PCI DSS and Service Providers

    In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) with URM, explore some of the most misunderstood areas of PCI DSS scoping, focusing on service providers, merchants, and complex modern payment architectures. Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss: When an organisation stops being “just a merchant” and becomes a PCI DSS service provider, and what really drives that distinction How an organisation can be both a merchant and a service provider at the same time, and how this should be handled during a PCI DSS assessment The most common mistakes organisations make when deciding how they should be classified for PCI DSS purposes Whether companies providing payment-enabled platforms, but not directly handling PAN, can still fall under the definition of a service provider The responsibilities that remain when a third-party platform hosts the payment page but payment fields are served directly by a provider And more. Ask Alastair and Tibor a question:  https://www.urmconsulting.com/podcasts/pci-dss-and-service-providers   If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider          You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts         Connect with us on LinkedIn       Brought to you by URM, the UK’s leading information and cyber security specialists.

    38 min
  2. 4 giu

    Business Approaches to Risk Management

    In this episode of InfoSec Insider, Wayne Armstrong and Chris Heighes, both Senior Consultants at URM, offer key advice on effective approaches to cyber and information security risk management from a business perspective.  Chris and Wayne draw upon their combined 45 years of experience in information security and risk management to discuss: What good, risk-based decision-making actually looks like in practice, and where it most commonly breaks down The most concerning information security risks of today that do not get enough attention at the board or executive level How organisations can move away from checklist-driven compliance and towards meaningful cyber risk management that supports business objectives How organisations should rethink ownership and accountability for information security risk in light of growing dependence on cloud services and third-party providers The capability or mindset they believe information security leaders must develop now to remain effective risk advisers in the coming years. Ask Wayne and Chris a question:  https://urmconsulting.com/podcasts/business-approaches-to-risk-management              If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider  You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts              Brought to you by URM, the UK’s leading information and cyber security specialists.

    35 min
  3. 28 mag

    PCI DSS and Severless Architecture

    In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) with URM, explore the use of severless architecture and Payment Card Industry Data Security Standard (PCI DSS) compliance.  Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss:     What ‘severless’ actually means in a PCI DSS context, and how this differs from how it is usually described by cloud providers What QSAs look for when deciding whether a severless system falls within PCI scope How the balance of responsibilities shifts when an organisation moves from traditional cloud services to severless, and where this causes the most confusion during assessments The parts of a severless setup that tend to bring cardholder data into scope unexpectedly and how to ensure you understand the way information moves through your systems How to handle PCI requirements for logs, monitoring and keeping evidence when the systems they rely on disappear almost instantly Maintaining compliant access control and control over changes to your systems in a severless context How to check for weaknesses in severless systems, the risks tied to the external code and libraries that are often used inside serverless functions And more. Ask Alastair and Tibor a question:  https://www.urmconsulting.com/podcasts/pci-dss-and-severless-architecture If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider         You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts        Connect with us on LinkedIn   Brought to you by URM, the UK’s leading information and cyber security specialists.

    25 min

Descrizione

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.

Potrebbero piacerti anche…