At least once a week, we sit down with an expert from within the Group to get their insights on a technical topic or business area.
Here are all our Q&As to date, grouped by broad topic:
To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight.
Last updated: 24 May 2024. Interviews added: Camden Woollven on privacy and ethical concerns around AI (AI); Kirsten Craig on the APRA (data privacy); Vanessa Horton on cyber incident response (incident response); and Matthew Peers on ISO 27001 and physical security (ISO 27001).
AI
Camden Woollven on privacy and ethical concerns around AI
22 May 2024
Head of AI Camden talks us through the ethical principles for guiding AI development, how those principles relate to data privacy, high-risk domains (such as healthcare), and why AI ethics requires a team effort in this interview.
Mark James on AI and data protection
11 April 2024
Privacy consultant Mark talks about the data protection risks of AI, the GDPR’s (General Data Protection Regulation) restrictions around automated decision-making, legal bases for processing personal data via AI systems, and how to address the risks from that type of processing in this interview.
23 February 2024
What is voice cloning, what are the associated risks, and what can organisations do to protect themselves? Privacy consultant Mark answers all these questions and more in this interview.
Cyber attacks and data breaches
Leon Teale on the mother of all breaches
24 January 2024
Senior penetration tester Leon talks us through the implications of a historic 26-billion-records leak. Learn why even old credentials can cause a lot of damage, and how you can protect yourself in this interview.
Cyber Essentials
Ashley Brett on Cyber Essentials and ISO 27001
10 May 2024
Cyber security advisor and product evangelist Ashley talks us through some common Cyber Essentials misconceptions, key differences between Cyber Essentials and ISO 27001, the benefits of each, and things to consider if you’re implementing both in this interview.
Ashley Brett on Cyber Essentials solutions
21 February 2024
Cyber security advisor and product evangelist Ashley provides a simple overview of the Cyber Essentials scheme. He also talks us through various Cyber Essentials solutions to help you choose the right one in this interview.
Cyber resilience
Adam Seamons on cyber defence in depth
19 April 2024
What is defence in depth, why is it important and how does it work? Information security manager Adam answers all these questions and more, giving practical, expert insight into defending against malware in multiple layers, with details on the purpose of each, in this interview.
Alan Calder on cyber resilience
24 November 2023
Group CEO Alan gives us a quick overview of his award-winning book: Cyber Resilience – Defence-in-depth principles. He also explains why defence in depth is so important in this interview.
Cyber security
Leon Teale on zero-day exploits
24 April 2024
What are zero-day exploits and who is most at risk? How can we detect zero-day vulnerabilities and attacks, and protect ourselves from them? Plus, how much of an outlier was the MOVEit Transfer breach? We put all these questions and more to senior penetration tester Leon in this interview.
Adam Seamons on zero-trust architecture
5 January 2024
Information security manager Adam gives us a short history lesson about how networks have evolved, and the security consequences of that evolution. In particular, he highlights the risks of Cloud infrastructure and the merits of zero-trust architecture in this interview.
Vanessa Horton on ransomware trends
20 November 2023
Cyber incident responder Vanessa shares recent ransomware trends, why they’re worrying, and what organisations can do about them in this interview.
Leon Teale on secure remote working and VPNs
23 October 2023
Senior penetration tester Leon gives us his top 10 tips for secure remote working. He also talks us through different VPN (virtual private network) technologies in this interview.
Data privacy
17 May 2024
In the US, expectations are – cautiously – rising that we could see a landmark single federal privacy standard enacted into law: the APRA (American Privacy Rights Act). Data privacy lawyer Kirsten takes us through what it is, its requirements, its interplay with state-specific laws, its scope, and the next steps in this interview.
Ryan Peeney on records of processing activities
9 May 2024
Records of processing activities, also known as ‘ROPAs’, are an explicit legal requirement in Article 30 of both the UK and EU GDPR. But what exactly are they? Why are they important, and what are their benefits? And how can you create and maintain them? We put all these questions and more to DPO (data protection officer) consultant Ryan in this interview.
Louise Brooks on practical GDPR compliance
25 April 2024
Numerous misunderstandings surround complying with the GDPR. As a principles- and risk-based law, there aren’t prescribed dos and don’ts – the Regulation simply provides a framework for compliance. Furthermore, compliance can be a business enabler, not a ‘necessary evil’. Head of consultancy at DQM GRC Louise explains further in this interview.
11 April 2024
DPO consultant Ola talks us through biometric data – what is it, and how do the GDPR’s principles and requirements apply to it? She also explains the importance of DPIAs (data protection impact assessments) and data protection by design in this interview.
22 March 2024
Privacy consultant Mark explains what data seeding is, why it’s such an unintrusive measure, and when and how to use it in this interview.
Louise Brooks on staff monitoring
4 March 2024
How much and what type(s) of staff monitoring is too much? How can organisations monitor staff while remaining compliant with privacy laws? Head of consultancy at DQM GRC Louise gives us the answers in this interview.
Alan Calder on maintaining GDPR compliance
16 February 2024
Group CEO Alan takes us through what data privacy and GDPR compliance trends he foresees in 2024. He also gives us his 5 top tips for remaining compliant in this interview.
Andrew Snow on a landmark GDPR ruling
12 January 2024
The ECJ (European Court of Justice) issued a landmark GDPR ruling in December 2023. Data privacy and cyber security trainer Andrew takes us through the details, and explains why this ruling is so important in this interview.
Andrew Snow on the UK–US data bridge
6 November 2023
The UK and US received an adequacy decision enforced in October 2023. Data privacy and cyber security trainer Andrew talks us through the practical implications, how organisations can take advantage, and alternative mechanisms for UK–US data transfers in this interview.
DORA
Andrew Pattison on DORA, how it compares to NIS 2, and how it’ll be regulated
3 May 2024
What is DORA (Digital Operational Resilience Act)? How does it differ – or overlap – with NIS 2 (Network and Information Security Systems Directive)? What are the DORA pillars? How will DORA be regulated? And will non-EU organisations have to comply with it? We put these questions to Andrew, head of GRC (governance, risk and compliance) consultancy at IT Governance Europe, in this interview.
Andrew Pattison on simplifying DORA compliance with ISO 27001
26 January 2024
ISO 27001 can be used to simplify compliance with DORA. Head of GRC consultancy at IT Governance Europe Andrew explains how in this interview.
Cliff Martin on streamlining DORA compliance
18 December 2023
DORA’s requirements aren’t too dissimilar to that of other legislation and standards. Head of cyber incident response Cliff explains how to streamline DORA compliance in this interview.
Alan Calder on DORA supply chain security
11 December 2023
Group CEO Alan explains why supply chain security – a key DORA pillar – is so important, and how organisations can secure their supply chain in this interview.
Cliff Martin on DORA incident response
28 November 2023
Head of cyber incident response Cliff takes us through DORA’s incident response requirements – another pillar of the Regulation – in this interview.
Andrew Pattison on DORA risk management
13 November 2023
Head of GRC consultancy at IT Governance Europe Andrew explains the most important DORA pillar: ICT risk management. He talks us through the Regulation’s requirements and how organisations can meet them in this interview.
Europrivacy
Alice Turley on the Europrivacy scheme and certification
26 April 2024
What is Europrivacy™/®, who can apply for certification, and what are the benefits? How do the scheme and certification work? And what must applicants consider when choosing a consulting company? Senior privacy and GRC consultant and trainer Alice answers all these questions in this interview.
Incident response
Vanessa Horton on cyber incident response
24 May 2024
Cyber incident responder Vanessa gives us a complete, practical overview of cyber incident response. She talks us through common misconceptions and errors, threat types, protection, detection, cyber incident response plans, training, digital forensics and the incident response process. She also covers real-life examples in this interview.
Vanessa Horton on anti-forensics
2 February 2024
Criminals use anti-forensics techniques to try to remain undetected and/or mask their actions. Cyber incident responder Vanessa explains further, and provides examples of anti-forensics techniques as well as advice for how organisations can protect themselves, in this interview.
ISO 27001
Matthew Peers on ISO 27001 and physical security
15 May 2024
When we hear ‘information security’ or ‘ISO 27001’, we usually think ‘cyber security’. However, physical security is also an important aspect of information security. In fact, in ISO 27001:2022, ‘physical’ is one of just four control themes. GRC consultant Matthew explains why, and talks us through physical access control, physical security monitoring, CCTV, and more in this interview.
Alan Calder on transitioning to ISO 27001:2022
10 April 2024
Group CEO Alan explains why ISO 27001 and ISO 27002 were updated in 2022. He also talks us through key changes and transition dates, and how to approach your transition project in this interview.
Alan Calder on ISO 27001 and defence in depth
20 March 2024
Group CEO Alan explains how ISO 27001 and defence in depth intersect, and the importance of each. He also talks us through the ISO 27000 family of standards, and how ISO 27001 can help organisations meet their regulatory requirements in this interview.
Alan Calder on the ISO 27001:2022 addendum and ISO 27006 update
15 March 2024
ISO 27006 was recently updated. An ISO 27001:2022 addendum was also recently released. Group CEO Alan gives us the highlights of both updates, as well as an overview of the business benefits and regulatory value of ISO 27001, in this interview.
Andrew Pattison on pragmatic ISO 27001 risk assessments
8 March 2024
ISO 27001 fundamentally takes a risk-based approach. Head of GRC consultancy at IT Governance Europe Andrew gives us his tips on how to keep your risk assessments simple and manageable in this interview.
Alan Calder and a quick overview of ISO 27001
6 March 2024
Group CEO and ISO 27001 pioneer Alan gives us a quick overview of the business benefits of ISO 27001. He also talks us through how the Standard can aid regulatory compliance, and offers tips on risk assessment and continual improvement in this interview.
PCI DSS
Stephen Hancock on PCI DSS SAQ SPoC
30 October 2023
QSA (Qualified Security Assessor) consultant Stephen gives us an overview of the latest PCI DSS SAQ (Payment Card Industry Data Security Standard self-assessment questionnaire): SAQ SPoC (software-based PIN entry on COTS). He explains which organisations qualify and how SPoC solutions work in this interview.
PECR
Louise Brooks on cookie compliance
19 January 2024
Head of consultancy at DQM GRC Louise shares how organisations can improve their cookie banners without hampering their business objectives, and common mistakes around obtaining valid consent, in this interview.
Louise Brooks on the ICO’s ultimatum on cookies
4 December 2023
The ICO (Information Commissioner’s Office) gave the UK’s top websites an ultimatum: get your cookies compliant, or risk enforcement action. Head of consultancy at DQM GRC Louise gives her insights into this ICO statement and ICO enforcement more generally, and advice on how organisations can best meet their cookie requirements, in this interview.
Security testing
9 February 2024
The CVSS (Common Vulnerability Scoring System) is now at v4.0. Senior penetration tester Leon explains what the CVSS is, how it works, when to use it, its limitations, and the key changes introduced in CVSS v4.0 in this interview.
Supply chains
Andrew Pattison on simplifying supply chain risk management
5 April 2024
Head of GRC consultancy at IT Governance Europe Andrew explains the importance of keeping risk assessments and supply chain risk management simple, and how DORA might change how organisations manage risk. He also talks us through considerations around risk when outsourcing, e.g. to a Cloud provider, in this interview.
Training
4 April 2024
Cyber security specialist and instructor Soji gives us a complete overview of CISM (Certified Information Security Manager), talking us through its topics, intended audience, career opportunities, alternatives, and more in this interview.
Damian Garcia on ransomware elearning
7 February 2024
Head of GRC consultancy at IT Governance Damian recently updated our Ransomware Staff Awareness E-learning Course. He explains why this course is so important, the key topics covered, its top take-aways, and more in this interview.
Miscellaneous
22 March 2024
Softcover, PDF eBook or ePub? Publications manager Nicola explains the difference between each to help you choose the right written book format for you in this interview.
Sophie Sayer on the IT Governance partner programme
14 February 2024
Head of channel Sophie talks us through the IT Governance partner programme, and the benefits of partnering with us, in this interview.
Andreas Chrysostomou on audiobooks
10 January 2024
Publishing relations manager Andreas explains the audiobook format – including its pros and cons, how audiobooks are developed, and more – in this interview.
Sam McNicholls-Novoa on CyberComply
20 December 2023
CyberComply is a Cloud-based, end-to-end solution that simplifies compliance with a range of cyber security and data privacy standards and laws. Product marketing manager Sam talks us through some of the software’s benefits and features in this interview.
Get the latest expert insights straight to your inbox
If you like our weekly interviews, you’ll love our free weekly newsletter, the Security Spotlight.
Every Wednesday, you’ll get a 4-minute email with:
- Interviews with our experts, sharing their insights and expertise;
- Industry news, including the latest publicly disclosed data breaches and cyber attacks;
- Our latest research and statistics;
- Free useful resources; and
- Upcoming webinars.
