Making Information Security Practical and Easy to Understand

Yossy's Security & AI Lab _Global

This podcast shares practical insights on information security, privacy protection, corporate IT, and AI governance, based on real experience supporting small and mid-sized companies in Japan. Topics include ISMS (ISO/IEC 27001), AIMS (AI Management Systems), incident response, and responsible AI use — all explained from an operational, in-house perspective rather than theory alone. One unique focus of this podcast is Japan’s Privacy Mark (P-Mark), a Japanese privacy management system that is widely used in Japan but not well known internationally. In this podcast, I explain what P-Mark is,

  1. 14H AGO

    SEC-08.Can one IT person really do it all?

    “Can one IT person really handle ISMS or the Privacy Mark?” This is a very common question. In this episode,I talk about this issue from a key risk perspective: over-reliance on one person. You’ll hear about: Why running security certification alone is risky What actually happens when knowledge stays with one person How to build a more sustainable, shared security setup Information security is not something one person should carry alone. It works best when responsibilities are shared across the organization,not concentrated in one individual. This episode is especially helpful if: You are the only IT or security person in your company You are worried about handover, continuity, or burnout You want a realistic way to run ISMS or Privacy Mark operations

    3 min

  2. JAN 28

    SEC-07.How Do You Get Management Approval for Security?

    Security is important — but explaining it to management is often the hardest part. In this episode, I talk about how to communicate information security in a way that actually makes sense to executives. We cover: How to frame security as a business topicQuestions that really get management thinkingA realistic, step-by-step way to get approvalThis episode is for anyone who feels “stuck in the middle” between the field and management.

    4 min

  3. JAN 25

    A05. What Is AIMS?A Beginner’s Guide to AI Management

    AI is becoming part of everyday work. But many people feel unsure and think: “AI is useful, but is it really safe to use this way?” In this episode, I explain what AIMS (AI Management System) is in a simple and practical way. You’ll learn: What AIMS actually meansWhy companies are starting to care about ISO/IEC 42001How AIMS helps organizations use AI safely and responsiblyAIMS is not about restricting AI. It is about creating clear rules and shared responsibility so AI can be used with confidence. This episode is a beginner-friendly introduction for anyone who is starting to think about AI governance or company-wide AI rules.

    5 min

  4. JAN 21

    SEC-06 “Is Security Certification Still Too Early for Us?” — What to Think About First

    Many companies think about security certifications like ISMS or the Privacy Mark and wonder: “Isn’t this still too early for a company our size?” In this episode, Yoshida shares a practical, real-world perspective on that question. Instead of focusing on certification requirements, this episode explores: Why “too early” is often a misunderstandingWhy small and mid-sized companies can actually move fasterHow cloud and SaaS tools change security risks for everyoneWhat you can think about before certification becomes urgentThis is not about forcing certification. It’s about thinking early, calmly, and realistically so security doesn’t become a last-minute crisis. If you’re unsure when to start thinking about ISMS or security governance, this episode is for you.

    4 min

  5. JAN 18

    AIMS-04. How Do We Create Internal AI Rules?

    As AI use grows inside companies, many people start asking: “Do we need internal AI rules?” “But where should we even start?” In this episode, we build on the previous discussion about making AI risks visible, and focus on the next step: how to turn those risks into simple, practical internal AI rules. This is not about creating long or strict policies. Instead, we talk about a realistic approach for small and mid-sized companies: What kinds of AI use are acceptableWhat information should not be entered into AI toolsWho is responsible for the final decisionUsing the AIMS (AI Management System) mindset as a reference, this episode explains how to create “rules that help people act,” not rules that stop them. If you are involved in AI usage, internal controls, or information security, and feel unsure about AI rules, this episode is for you. Key message: Perfect rules are not necessary. Practical rules are.

    8 min

  6. JAN 15

    SEC-05 How does your company change after getting ISMS or PrivacyMark?

    What actually changes in a company after getting ISMS, the Privacy Mark, or PIMS? In this episode, I talk about the real changes that happen after certification, based on practical experience with ISMS, the Privacy Mark, and PIMS (ISO/IEC 27701). Getting certified does not suddenly change everything overnight. But over time, clear and meaningful changes begin to appear. For example: Less uncertainty and more confidence inside the companyClear rules and shared responsibilityIncreased trust from customers and business partnersPositive effects on hiring and company reputationInstead of listing theoretical benefits, this episode focuses on what really changes in daily operations and culture. If you are thinking about certification, or already running ISMS, the Privacy Mark, or PIMS, this episode will help you understand what comes after getting certified.

    5 min

  7. JAN 11

    AIMS-03. Making AI Risks Visible

    in this episode, we talk about how to make AI risks visible in daily work. Many people use AI tools like ChatGPT or Copilot at work, but often feel unsure: “Is this safe?”“Are we using AI in the right way?”In this episode, we explain AI risk in a simple and practical way, from an information security point of view. You will learn: Where AI is being used in your workWhat kind of data is involvedWho should check AI outputsWe also introduce the basic idea of AIMS (ISO/IEC 42001) and why “visibility” is important for safe AI use. This podcast is for small and mid-sized companies, and for anyone who wants to use AI with confidence, not fear. No technical knowledge is required. Let’s take the first step toward safe and responsible AI use—together.

    4 min

  8. JAN 7

    SEC-04.How hard are ISMS, the Privacy Mark, or PIMS in real life?

    How hard are ISMS, the Privacy Mark, or PIMS in real life? In this episode, I talk about the real effort behind security and privacy certifications, based on practical experience. I often hear questions like: Can one IT person handle ISMS or the Privacy Mark?How long does it take to get certified?How much work is required to keep it running?And can you actually fail the audit?Instead of theory, this episode focuses on what companies really face in daily operations. I also explain how to think about choosing between ISMS and the Privacy Mark: ISMS is often suitable for BtoB, IT-focused, or international businessThe Privacy Mark works well for BtoC and domestic services in JapanAnd just briefly, I touch on PIMS (ISO/IEC 27701) as a possible option for companies that are considering global expansion. The goal of this episode is not to tell you what to get, but to help you build a clear way of thinking about security and privacy management. If you feel unsure or overwhelmed by ISMS, the Privacy Mark, or PIMS, this episode will give you a realistic starting point.

    6 min
See All (13)

About

This podcast shares practical insights on information security, privacy protection, corporate IT, and AI governance, based on real experience supporting small and mid-sized companies in Japan. Topics include ISMS (ISO/IEC 27001), AIMS (AI Management Systems), incident response, and responsible AI use — all explained from an operational, in-house perspective rather than theory alone. One unique focus of this podcast is Japan’s Privacy Mark (P-Mark), a Japanese privacy management system that is widely used in Japan but not well known internationally. In this podcast, I explain what P-Mark is,

Information