Talk Cyber

Talk Cyber is the InfoSec Insider podcast’s cyber security series, in which our cyber security experts bring you the latest guidance on preparing for and safeguarding against cyberattacks.  Drawing upon their experience providing penetration testing, facilitating and supporting Cyber Essentials and Cyber Essentials Plus assessments, and helping to develop and exercise cyber incident response plans, our Cyber Team offers you cutting-edge advice on keeping your organisation protected.

Talk Cyber, Season 1, Episode 49 (49)

Supplementing Cyber Essentials

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, provides his insights on the best next steps organisations can take following Cyber Essentials certification to further enhance their security.  George leverages his extensive experience assisting organisations to strengthen their cyber security measures to discuss: 

  • What is covered by the Cyber Essentials scheme
  • The more advanced cyber and information security frameworks organisations can implement having achieved Cyber Essentials
  • How organisations can enhance their cyber and information security without implementing additional frameworks.

Talk Cyber, Season 1, Episode 45 (45)

Lexcel, SQM and Cyber Essentials

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, explores the Lexcel Practice Management Standard (Lexcel), the Specialist Quality Mark (SQM) and their relationship with the Cyber Essentials scheme.  George leverages his extensive experience assisting organisations to enhance their cyber security to discuss:

  • What Lexcel and the SQM are, and why they are needed
  • How these standards relate to cyber security
  • How Cyber Essentials ties in with these standards, and how certification to the scheme can benefit law firms’ Lexcel/SQM compliance efforts
  • How law firms can strengthen their security further having achieved Cyber Essentials.

Talk Cyber, Season 1, Episode 29 (29)

New Government Proposal to Prevent Organisations From Paying Ransomware Demands

In this episode of InfoSec Insider – Talk Cyber, Stuart Skelly, Senior Consultant at URM, explains a recently announced consultation by the UK government into proposals by the Home Office, which would increase its control and visibility of ransomware attacks on organisations operating in the UK.  Stuart leverages his extensive legal background and experience as a governance, risk and compliance consultant to discuss:

  • What is meant by ransomware and a ransomware cyber attack
  • The Home Office’s proposals – what they are and which organisations they would affect if they come into force
  • The complications and challenges these proposals could create
  • How interested organisations can send a response to the Home Office.

Talk Cyber, Season 1, Episode 24 (24)

Cyber Security for Small and Medium-Sized Enterprises (SMEs)

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, takes a deep dive into the unique cyber security challenges faced by small and medium-sized enterprises (SMEs), and the steps these organisations can take to improve their cyber security postures.  George leverages his extensive experience assisting organisations to enhance their cyber security to discuss:

  • The current state of the cyber security landscape for SMEs and how this differs to their larger counterparts
  • The issues SMEs are currently facing in addressing and enhancing their cyber security postures
  • How SMEs can improve their cyber security.

Talk Cyber, Season 1, Episode 18 (18)

Mitigating Cyber Risks

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, breaks down the current state of cyber security in the modern business landscape and the common cyber security failings and challenges he sees organisations face, as well as offering key advice and guidance on what organisations can do to protect against these threats.  George leverages his extensive experience assisting organisations to enhance their cyber security to discuss:

  • The current cyber security landscape and the common security pitfalls that are leading to an upward trend in cyber security incidents
  • How the cyber security landscape is likely to evolve in the future as a result of ongoing technological developments, such as in the field of artificial intelligence (AI)
  • How organisations can protect themselves against these threats and the benefits of certifying to the Cyber Essentials scheme to do so.

Contact the InfoSec Experts Today

Having assisted over 450 organisations to implement an ISMS and then achieve ISO 27001 certification since the Standard was first published in 2005, we at URM are the ideal partners to help you certify.  With our fully-tailored approach, our specialists can support you through each stage of the ISO 27001 management system lifecycle, offering guidance specific to your organisation’s unique requirements.  

Get in touch with our information security experts today to find out more.


InfoSec Solutions & Products

One of the key requirements of ISO 27001 is the need for a robust risk assessment process which can produce repeatable and comparable results. With its proven, best practice methodology, URM’s information security risk management software, Abriska 27001, enables you to meet this requirement. We can also assist you to raise and maintain awareness among your staff with our expertly designed and engaging learning management system (LMS), Alurna.


InfoSec Training Courses

Our information security and risk management training courses can help you learn how to effectively manage information security.  Our Certificate in Information Security Management Principles (CISMP) and Practitioner Certificate in Information Risk Management  (PCIRM) training courses will prepare you to take the BCS (Chartered Institute for IT) administered exams, enabling you to gain industry-recognised qualifications.


Webinars & Events

URM has gained a reputation as the preeminent UK provider of live webinars, aimed at delivering valuable and practical insights to organisations looking to improve their information security, risk management, data protection etc. The webinars are delivered by our senior consultants who share hints and tips on topics such as certifying to ISO 27001 and Cyber Essentials, and complying with the GDPR. All of our webinars are completely free to attend, and include an opportunity to ask questions at the end.

Webinar: Beyond ISO 27001 - DORA and NIS 2

URM and DNV provide an overview of ISO 27001, DORA and NIS 2, key components to enhance cybersecurity and operational resilience across various sectors.

Q&A Session: Q&A with a QSA

Q&A session, hosted by URM Qualified Security Assessors (QSAs) with years of hands-on experience helping organisations navigate PCI DSS compliance.

Webinar: How to Achieve ISO 27001 Certification

URM and BSI will be drawing upon their experiences with organisations that achieved and maintained certification to ISO 27001.


Information Security FAQs

What are 4 types of information security?

If we look to guidance from Annex A of ISO 27001, then the answer is organisational, people, physical and technological. The International Standard groups information security into these 4 categories. The ‘organisational’ category requires the creation of policies, roles and responsibilities and day-to-day business activities. The ‘people’ category ensures that the most appropriate staff are employed, and that they understand what is expected of them in relation to the business’ approach to infosec. ‘Physical’ controls relate to the security of business premises, clear desk policies etc., whilst ‘technological’ controls relate to measures that may be adopted by organisations to assist in securing information through the use of technology such as capacity management, configuration management, change management, network security, firewalls, cryptography etc.

What are the 3 principles of information security?

The three aspects that information security (infosec) seeks to protect are ‘confidentiality’, ‘integrity’ and ‘availability’. Confidentiality ensures that information is not made available or disclosed to unauthorised entities. Integrity protects the accuracy and completeness of assets, whilst availability ensures that information is accessible and usable on demand by authorised individuals.

What are information security examples?

Examples of information security include encryption, firewalls, antivirus software, multi-factor authentication (MFA), vetting of individuals, controlling access to premises / information and providing staff awareness training.

What are 5 information security policies?

Policies provide direction on your organisation’s approach to different aspects of information security management. Policies may relate to the classification of data, password management, acceptable use of assets, authentication procedures and incident response - these are five examples, but your organisation  may choose to formulate a policy relating to any aspect of information security (infosec) management.


Speak to Information Security Experts

Having assisted over 450 organisations to achieve ISO 27001 certification, URM are the ideal specialist partners to help you certify.

Speak to one of our experts today for more information on how we can help. Simply call 0118 206 5410 or request a call back using the form below.

ISO 27001: How Certification Works

Published on 8/8/2025

URM’s blog breaks down the ISO 27001 certification process, the roles of certification bodies and UKAS, what auditors look for during assessments, and more.

Information Security
Published on 18/7/2025
ISO 27001:2022 - A.5 Organisational Controls (Business Continuity)

URM’s blog explores the ISO 27001 business continuity controls, why they matter, & how they can be effectively implemented to ensure conformance to the Standard

Information Security
Published on 3/7/2025
ISO 27001:2022 - A.5 Organisational Controls (Incident Management)

URM’s blog breaks down the six incident management-related controls in Annex A of ISO 27001, providing key guidance on how to implement each control.

Information Security
Published on 23/5/2025
ISO 27001:2022 - A.5 Organisational Controls (Legal, Regulatory and Contractual)

URM’s blog explains the legal, regulatory & contractual controls in ISO 27001 & how they can be implemented in full conformance with the Standard.

"The consultant’s efforts in ensuring that our PCI compliance is audited correctly are highly appreciated, as it gives the company an accreditation that we can be proud of and that we can show off to existing and prospective customers as proof of our security posture. A huge thank you to URM for providing such a valuable service."
Open Banking Platform