Podcasts about cyber essentials

  • 27 PODCASTS
  • 50 EPISODES
  • 33m AVG DURATION
  • 1 MONTHLY NEW EPISODE
  • May 22, 2025 LATEST



Latest podcast episodes about cyber essentials

ITSPmagazine | Technology. Cybersecurity. Society
What Helps You Sleep Better at Night: A Practical Take on Zero Trust | A Brand Story with Rob Allen from ThreatLocker | An Infosecurity Europe 2025 Pre-Event Brand Story

May 22, 2025 | 23:03


As InfoSecurity Europe prepares to welcome cybersecurity professionals from across the globe, Rob Allen, Chief Product Officer at ThreatLocker, shares why this moment—and this location—matters. Allen doesn't frame the conversation around hype or headlines. Instead, he focuses on a universal truth: organizations want to sleep better at night knowing their environments are secure.

ThreatLocker's mission is grounded in achieving Zero Trust in a simple, operationally feasible way. But more than that, Allen emphasizes their value as enablers of peace of mind. Whether helping customers prevent ransomware attacks or meet regional regulatory requirements like GDPR or Australia's Essential Eight, the company is working toward real-world solutions that reduce complexity without sacrificing security. Their presence at events like InfoSecurity Europe is key—not just for outreach, but to hear directly from customers and partners about what's working and where they need help.

Why Being There Matters

Different regions have different pressures. In Australia, adoption surged without any local team initially on the ground—driven purely by alignment with the Essential Eight framework. In the UK, it's conversations about Cyber Essentials that shape booth discussions. Regulations aren't just compliance checklists; they're also conversation starters that change how organizations prioritize security.

The ThreatLocker team doesn't rely on generic demos or vague promises. They bring targeted examples to the booth—like asking attendees if they know what software can be run on their machines without alerting anyone. If tools like remote desktop applications or archive utilities can be freely executed, attackers can use them too. This is where ThreatLocker steps in: controlling what runs, identifying what's necessary, and blocking what isn't.

Booth D90 and Beyond

Rob Allen invites anyone—whether they're new to ThreatLocker or longtime users—to visit booth D90. The team, built with a mix of technical skill and humor (ask about the “second-best beard” in the company), is there to listen and help. It's not just about showcasing technology; it's about building relationships and reinforcing a shared goal: practical, proactive cybersecurity that makes a measurable difference.

If you're at InfoSecurity Europe, stop by. If you're not, this episode offers a meaningful glimpse into why showing up—both physically and philosophically—matters in cybersecurity.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content.

Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Cyber Essentials Guide: https://threatlocker.kb.help/threatlocker-and-cyber-essentials-compliance/?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_interview_rob&utm_term=podcast

Australia's Essential Eight Guide: https://www.threatlocker.com/whitepaper/australia-essential-eight?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_intervi

Learn more and catch more event coverage stories from Infosecurity Europe 2025 in London: https://www.itspmagazine.com/infosec25

Keywords: sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, infosec, compliance, ransomware, endpoint, regulation, brand story, brand marketing, marketing podcast, brand story podcast

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Cyber Security Today
Cybersecurity Month-End Review: Oracle Breach, Signal Group Chat Incident, and Global Cybersecurity Regulations

Apr 5, 2025 | 48:19


In this episode of the cybersecurity month-end review, host Jim Love is joined by Daina Proctor from IBM in Ottawa, Randy Rose from The Center for Internet Security from Saratoga Springs, and David Shipley, CEO of Beauceron Security from Fredericton. The panel discusses major cybersecurity stories from the past month, including the Oracle Cloud breach and its communication failures, the misuse of Signal by U.S. government officials, and global cybersecurity regulation efforts such as the UK's new critical infrastructure laws. They also cover notable incidents like the Kuala Lumpur International Airport ransomware attack and the NHS Scotland cyberattack, the continuous challenges of EDR bypasses, and the importance of fusing anti-fraud and cybersecurity efforts. The discussion emphasizes the need for effective communication and stringent security protocols amidst increasing cyber threats.

  • 00:00 Introduction and Panelist Introductions
  • 01:25 Oracle Cloud Breach: A Case Study in Incident Communication
  • 10:13 Signal Group Chat Controversy
  • 20:16 Leadership and Cybersecurity Legislation
  • 23:30 Cybersecurity Certification Program Overview
  • 24:27 Challenges in Cybersecurity Leadership
  • 24:59 Importance of Data Centers and MSPs
  • 26:53 UK Cybersecurity Bill and MSP Standards
  • 28:09 Cyber Essentials and CMMC Standards
  • 32:47 EDR Bypasses and Small Business Security
  • 39:32 Ransomware Attacks on Critical Infrastructure
  • 43:34 Law Enforcement and Cybercrime
  • 47:24 Conclusion and Final Thoughts

ScaleUpRadio's podcast
Episode #465 - From Military-Grade Security to SME Cyber Protection - with Peter Rucinski

Mar 24, 2025 | 56:59


In this episode of ScaleUp Radio, I sit down with Peter Rucinski, co-founder of Assure Technical, to discuss his entrepreneurial journey and how his company has evolved to provide cybersecurity solutions for SMEs. Originally focused on high-value military and infrastructure projects, Assure Technical pivoted in 2016 to serve small and medium-sized enterprises, helping them navigate the increasingly complex world of cybersecurity. Today, they offer services like Cyber Essentials certification, penetration testing, and security audits to businesses that may not have dedicated security expertise in-house. Peter's leadership style has been shaped by his Royal Navy background and a unique 18-month sailing adventure with his family, which forced him to balance running his business remotely while navigating the unpredictability of life at sea. His experience has given him deep insights into risk management, problem-solving, and maintaining resilience—all of which are critical in both sailing and cybersecurity. During our conversation, Peter shares practical advice for SMEs looking to improve their cybersecurity posture, including:

The ISO Show
#205 Building AI Resilience with Cloud Direct

Jan 29, 2025 | 30:44


AI usage has skyrocketed in the past 2 years, with many commonplace apps and software now featuring an AI integration in some form. With the rapid development and possibilities unlocked with this powerful technology, it can be tempting to go full steam ahead with implementing AI use into your day-to-day business activities. However, new technologies come with new risks that need to be understood and mitigated before any potential incidents.

In this episode Mark Philip, Information Security Manager at Cloud Direct, joins Ian to discuss emerging AI risks and how you can build AI resilience into your existing practices.

You'll learn

  • Who is Mark?
  • Who is Cloud Direct?
  • How can you assess your current level of AI resilience?
  • What are some of the key threats that AI systems currently face, and how can you mitigate these?
  • How can you utilise AI to enhance your security?
  • What is best practice when responding to an AI related security incident?

Resources

  • Cloud Direct
  • Isologyhub

In this episode, we talk about:

[02:05] Episode Summary – We invite Cloud Direct's Information Security Manager, Mark Philip, onto the show to discuss AI risks and how to build AI resilience into your existing security practices.

[03:25] Who is Mark Philip? – While his primary role is as an Information Security Manager at Cloud Direct, a little known fact about him is that he is an amateur triathlete! At London earlier in 2024, he was lucky enough to bump into Alistair Brownlee, who is the UK's two-time Olympic gold medalist in triathlon.

[05:10] Who are Cloud Direct? – Founded in 2003, Cloud Direct are a Microsoft Azure expert MSP, which is the top Microsoft accreditation that any partner can hold, putting them in the top 5% of Microsoft partners globally. They offer consultancy and professional managed services, specialising in Microsoft Cloud, which is all underpinned with security across the whole Microsoft stack. They also assist with digital transformation and modernisation.

[06:30] Assessing the current AI risk landscape – Ian points out that a recent report from the Capgemini Research Institute found that 97% of organisations are using generative AI. With this increase in AI use, there is a correlation with an increase in security incidents related to AI. Mark adds that this technology is so new, with a lot of larger software companies such as Microsoft pushing AI elements into their tools. So there is a learning curve involved with utilising the technology. There is also a lack of Risk Assessment being done in relation to AI; not a lot of thought is going into the use of AI on a day-to-day basis. If you're using an AI platform, you need to ask yourself: What is this platform actually doing with the data I'm inputting? There is also the fact that shady individuals are already leveraging this technology with the likes of deep fakes, bad bots and more sophisticated phishing schemes – and the harsh truth is that they're going to get better at it over time.

[08:20] What is AI resilience and why is it so important? – AI resilience is about equipping businesses with the processes that control the use and deployment of AI, so that they can anticipate and mitigate any AI risks effectively. Similar to ISO Standards, this would involve a risk-based approach. However, this will look very different depending on your business and how you are using AI. For example, the risks of someone using AI to generate a transcript of meeting notes will be much lower in comparison to a healthcare company using complex sets of data with AI to synthesize new medicines. So, if you are using AI you need to consider what the inherent risks could be, and that would be dependent on the data you're processing, i.e. is it sensitive data? And then factor in whether the software is publicly available (such as ChatGPT), or is a closed model under your control. Asking these types of questions will give you a more realistic outlook on the risk landscape you face.

[10:35] How can a business assess their current level of AI resilience? – AI is here to stay, so you won't be able to avoid it forever. So first, you need to embrace and understand it, and that includes creating a clear picture of your use cases. Mark states they did this exercise internally at Cloud Direct when they were starting to use Microsoft's Co-Pilot. They asked themselves:

  • What sort of data is the software interacting with?
  • What data are we putting into it?
  • How do Microsoft manage the program and related security?
  • Are Microsoft storing any of that data?

It's not just about the security either; you need to understand why you're using AI and if it will actually be to your benefit. A lot of people are using it because it's new and shiny, but if it's not actively helping you achieve your business goals, then it's more of a distraction than anything else. For those looking for additional guidance on AI policies, risks and resilience, there's a lot of guidance provided by both ISO and the NCSC. ISO 42001 in particular is useful for both people using AI and developers creating AI. If you're stuck on where to start, a Gap Analysis is a fantastic tool to see where you are currently and what gaps you need to bridge in your security to cover any AI usage, and to see how well you are complying with current legal requirements (the EU AI Act is now in effect!). Another tool is a Risk Assessment. You may not process what many would consider sensitive data, such as healthcare information, but even if you store and hold customer data, then you need to ensure that any AI you use doesn't pose a risk to it.

[14:30] How can AI improve security and resilience? – Sticking with Microsoft as an example, as they are releasing a lot of AI driven tools, they can be used to fill gaps that humans may not have the time to do. One example of this is monitoring and sending security alerts: previously a system may have just sent this to a human member of staff to resolve, but now AI security tools can act on those alerts on your behalf. So, if you have limited IT resources, this could be a fantastic addition to your security set-up. It also eliminates the lag of human response, and AI can look at things in a way a human wouldn't think to.

[17:55] How do people stay ahead of the curve in the evolving AI landscape? – You should be using the myriad of resources available to learn about AI, as there are webinars, social media feeds, blogs and videos released constantly. Microsoft in particular are offering a comprehensive feed of information relating to AI, the risks and new technologies in development. The key is to understand AI before integrating it into your business. Don't just jump at the new shiny toys being advertised to you; go to reputable sources such as the ICO, NCSC, Cyber Essentials and regulatory bodies to learn about the technology, the benefits it can bring in addition to the risks you need to mitigate against. Mark can vouch for Microsoft's thought leadership in this field, as they keep all of their customers up-to-date with all of their AI related developments. Cloud Direct themselves are also putting out some great content, so don't forget to check out their resources. If you are already utilising Microsoft's tools, then Cloud Direct can help explain how their new tools can apply to your business. If you're looking for assistance with ISO 42001, then Blackmores can help you with implementing a robust AI Management System.

[21:40] What is best practice when responding to an AI related incident? – To be honest, there's no reason to not treat it like any other security incident. We've already adapted to more sophisticated security risks as a result of the move towards home and hybrid working over the pandemic. This is simply another stage along in this ever changing security landscape. You should treat it like assessing any new step, and you likely have all the processes for analysing risk already in place; simply apply them to the usage of AI and put in place the necessary governance based on your findings. Standards such as ISO 20000 IT Service Management and ISO 22301 Business Continuity are fantastic tools if you're new to this sort of incident response planning. If you've already been certified to these standards, then you likely have the following in place already:

  • Risk Assessments
  • Business Impact Assessments
  • Business Continuity Plans
  • Recovery Plans

Simply add AI as an additional risk factor into your existing management system and update the necessary documentation to include actions and considerations for its use. If you update your Business Continuity and recovery plans, then make sure to test them! Don't just assume that they will work; put them to the test and adjust until you're comfortable that in a real incident, everyone in the business knows how to react, what to communicate and how to get back up and running.

[24:00] What are Mark's predictions for the field of AI resilience? – People need to look at the opportunities in utilising AI; a lot of people are using it without really understanding it, so there's a lot of learning still to do. So, he expects to see a lot of businesses fully grasping how they can use AI to their advantage in the coming years. With that comes the challenge of ensuring it's integrated safely, with the right governance embedded to ensure its safe and ethical usage across entire organisations. Another big challenge is handling data privacy within AI. Scams are only going to get more complex as AI develops, and you need to ensure your business can protect against that as much as possible. Also, businesses should carefully consider what AI platforms they choose to use. Ensure you understand what data is being input and stored, and the level of control you have over it. All of this to say, there are a lot of massive benefits of using AI and you shouldn't shy away from it. But you need to ensure you are using it safely and ethically.

[27:30] What is Mark's book recommendation? – The Hunt for Red October by Tom Clancy

[28:45] What is Mark's favorite quote? – “I have a bad feeling about this…” – Star Wars

IT Experts Podcast with Ian Luckett
EP216 - IASME Security Update No 1 with Neil Furminger & Ian Luckett

Jan 17, 2025 | 31:10


Neil starts by giving us a solid understanding of IASME's pivotal role as the sole delivery partner of the Cyber Essentials scheme on behalf of the National Cyber Security Centre (NCSC). Working in close partnership with the NCSC and the Department for Science, Innovation, and Technology (DSIT), IASME ensures the consistency and credibility of Cyber Essentials across the UK. Neil explains how this collaborative effort aims to improve awareness, adoption, and implementation of essential cybersecurity measures, particularly for MSPs and their clients.

One of the key points of our discussion is Neil's emphasis on the necessity of Cyber Essentials. He explains that the scheme is designed to protect businesses against the most common cyber threats, offering a prescriptive approach to cybersecurity. Unlike other standards, Cyber Essentials doesn't simply recommend best practices—it mandates them. Neil stresses that MSPs, as custodians of their clients' IT systems, must lead the charge in implementing these essential controls. From patch management to MFA (multi-factor authentication), Cyber Essentials lays out straightforward measures that every organisation, regardless of size, can adopt.

Neil provides context about why some MSPs are still hesitant to embrace Cyber Essentials. He attributes it to a lack of education and regulation within the industry. Despite being targeted by cybercriminals due to the vast number of endpoints they manage, many MSPs either underestimate the risks or delay action until after an incident. Neil calls on MSPs to take proactive steps by embedding Cyber Essentials into their service offerings, not only to secure their clients but also to stand out in an increasingly competitive marketplace.

We also explore the three tiers of accreditation offered by IASME: Cyber Essentials, Cyber Essentials Plus, and the IASME Cyber Advisor certification. Neil elaborates on the differences, highlighting how Cyber Essentials focuses on a self-assessment validated by a trained assessor, while Cyber Essentials Plus involves an external audit of a business's IT systems. For those looking to further establish credibility, the IASME Cyber Advisor certification is an excellent option. Advisors are trained to provide implementation guidance and help businesses achieve compliance. This certification represents a golden opportunity for MSPs to differentiate themselves and gain the trust of potential clients.

Neil's passion for education is evident throughout our conversation. He believes Cyber Essentials is not just a sales tool but a vital framework for educating businesses about cybersecurity. Whether it's a sole trader or a multinational corporation, adopting Cyber Essentials means laying a solid foundation for cybersecurity and safeguarding against the ever-present threat of cyberattacks. He challenges MSPs to embrace their role as educators and advisors, helping clients understand the importance of these controls and encouraging adoption.

In terms of what's next, Neil shares exciting updates about upcoming changes to Cyber Essentials. Starting in April, IASME will introduce a new set of requirements, codenamed "Willow". These updates will reflect the industry's shift towards passwordless authentication and more robust vulnerability management. Neil highlights the growing role of passkeys, which offer a safer alternative to traditional passwords. This evolution aims to stay ahead of cyber threats while making compliance more accessible and effective for businesses of all sizes.

As the episode concludes, Neil reinforces the importance of collaboration across the industry to secure the UK against cyber threats. IASME is committed to being approachable and responsive, ensuring MSPs have the support they need to succeed. Whether it's through their technical guidance team or Neil himself, IASME offers resources to help MSPs navigate the certification process and enhance their cybersecurity offerings.

With Cyber Essentials growing in adoption year after year, the time has never been better to get involved. Whether you're considering Cyber Essentials certification, Cyber Essentials Plus, or becoming an IASME Cyber Advisor, this conversation with Neil Furminger will inspire you to take the next step.

Feel free to contact Neil Furminger through his email at neilfurminger@iasme.co.uk

Cyber Security Headlines
CISA data rules, Fortinet zero-day, UK Cyber Essentials

Oct 24, 2024 | 7:44


  • CISA proposes new security requirements for personal data
  • Fortinet patches actively exploited zero-day
  • UK report on Cyber Essentials certification

Thanks to today's episode sponsor, SpyCloud

Stolen data is a hot commodity for cybercriminals. Using infostealer malware, bad actors can siphon valid session cookies from employee devices, scoring the keys to access your networks and systems. According to SpyCloud's latest research, security teams are now seeing stolen cookies among the top three entry points for initial access for ransomware. Get the full insights, including other risk factors at spycloud.com/headlines.

IT Experts Podcast with Ian Luckett
EP199 - Why Becoming a Cyber Advisor Will Help Your MSP Grow with Neil Smith and Ian Luckett

Sep 6, 2024 | 25:49


Neil Smith explains how his journey into the cyber advisor space has not only strengthened his business by enhancing his credibility but also provided new revenue opportunities. He explains that the cyber advisor role is not just about securing clients but about positioning yourself as a trusted authority in the field of cybersecurity. With cybersecurity becoming more complex, Neil highlights the importance of MSPs adopting the Cyber Essentials and Cyber Essentials Plus certifications as a minimum standard. According to Neil, these certifications, which are significant milestones, are achievable and can set an MSP apart from the competition.

A key takeaway from our conversation is the opportunity that the cyber advisor role presents in a rapidly evolving regulatory landscape. Neil points out that the UK government has been moving towards regulating MSPs, particularly in terms of cybersecurity. While the regulatory changes may still be a few years away, Neil wisely suggests that proactive MSPs should get ahead of the curve by becoming cyber advisors now. By doing so, MSPs can not only comply with future regulations but also monetise the process through gap analysis services and further consulting.

Neil Smith shares that Reform IT chose to go down the IASME route for their Cyber Essentials Plus and Cyber Assurance certifications. This route was more cost-effective and provided the same level of credibility as the more expensive ISO 27001 certification. Neil explains that becoming a cyber advisor involves not just the certification of the business but also the training and accreditation of an individual within the organisation. This dual approach ensures that the business is fully prepared to deliver the cyber advisor service to clients.

One of the key benefits of becoming a cyber advisor, as Neil explains, is the ability to add substantial credibility to your MSP. With the official NCSC Cyber Advisor logo on your website and marketing materials, you can demonstrate to potential clients that you take cybersecurity seriously. Neil notes that this level of recognition can be a game-changer, particularly as more clients start to look for MSPs who can prove their commitment to cybersecurity.

Throughout the episode, Neil and I discuss the tangible benefits of being a cyber advisor, including the opportunity to stand out in a crowded market. Neil shares that, as of August 2024, there are only 82 organisations listed as cyber advisors in the UK. With approximately 15,000 MSPs across the country, this presents a significant opportunity for early adopters to differentiate themselves and capture market share.

In closing, Neil Smith offers practical advice for MSPs considering the cyber advisor route. He suggests leveraging the certification to educate existing and potential clients about the importance of cybersecurity. This, he believes, can lead to further business opportunities, as clients often require additional services once their cybersecurity gaps have been identified.

You can reach out to Neil Smith by sending him an email at neil@reformit.co.uk

Understanding Cyber
Cyber Essentials Update - Part 2

Aug 31, 2024 | 24:43


Cyber Essentials - Part 2: We first tackled Cyber Essentials in 2021 - since then there have been a number of updates and changes, as well as our understanding changing. We are therefore revisiting CE. In this part we cover 8 more tips to achieve CE, including the elements that are not obvious. This advice stems from us advising and supporting complex organisations in gaining CE.

If you want any cyber security support please get in contact with the team by email info@clearcutcyber.com or visit the website clearcutcyber.com

Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Understanding Cyber
Cyber Essentials Update - Part 1

Jul 31, 2024 | 20:34


Cyber Essentials - Part 1: We first tackled Cyber Essentials in 2021 - since then there have been a number of updates and changes, as well as our understanding changing. We are therefore revisiting CE. In this part we cover what it is, when you might want it, and 2 tips to make gaining CE easier. Part 2 contains 8 more tips, including the elements that are not obvious. This advice stems from us advising and supporting complex organisations in gaining CE.

If you want any cyber security support please get in contact with the team by email info@clearcutcyber.com or visit the website clearcutcyber.com

Music is Green Lights by Jahzzar from the Free Music Archive and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Financial Crime Weekly Podcast
Financial Crime Weekly Episode 117

Jul 21, 2024 | 16:14


Hello, and welcome to episode 117 of the Financial Crime Weekly Podcast, I'm Chris Kirkbride. On sanctions this week, designations from the US, and extension of existing sanctions from the EU. On bribery and corruption, the UK Anti-Corruption Coalition has published its post-election agenda, urging the new Labour government to take action across a range of areas. On money laundering, the Financial Conduct Authority has PEPs and their treatment by financial institutions in its sights. There is also a round-up of the cyber-attack news this week.

As usual, I have linked the main stories flagged in the podcast in the description. These are:

  • Council of the European Union, Extremist Israeli settlers in the occupied West Bank and East Jerusalem, as well as violent activists, blocking humanitarian aid to Gaza: five individuals and three entities sanctioned under the EU Global Human Rights Sanctions Regime.
  • Council of the European Union, Iran: Council prolongs EU restrictive measures in view of Iran's military support for Russia's war of aggression against Ukraine and for armed groups and entities in the Middle East and the Red Sea region.
  • Financial Conduct Authority, FCA calls on firms to improve treatment of politically exposed persons (PEPs).
  • Financial Conduct Authority, Review: The treatment of politically exposed persons.
  • Financial Conduct Authority, GC24/4: Proposed amendments to Guidance on the treatment of politically exposed persons.
  • Financial Conduct Authority, Court sets dates for ‘finfluencer' trials.
  • Financial Conduct Authority, Three charged over CFD trading pension fraud.
  • National Cyber Security Centre, Cyber Essentials 'Pathways': From experiment to proof of concept.
  • Office of Financial Sanctions Implementation, Guidance: UK Financial Sanctions FAQs.
  • Office of Foreign Assets Control, Treasury Maintains Pressure on Houthi Illicit Shipping and Finance Schemes.
  • Royal United Services Institute, Sanctions and the Next Financial Crisis.
  • UK Anti-Corruption Coalition, Time to ramp up the fight against corruption.
  • UK House of Commons Library, Sanctions against countries supporting Russia's invasion of Ukraine.
  • US Department of Justice, Two Foreign Nationals Plead Guilty to Participating in LockBit Ransomware Group.
  • US Department of State, United States Imposes Sanctions Targeting Iran's Chemical Weapons Research and Development.
  • US Department of the Treasury, Treasury and the Financial Services Sector Coordinating Council Publish New Resources on Effective Practices for Secure Cloud Adoption.

ITSPmagazine | Technology. Cybersecurity. Society
Maximising Your Budget Effectively in Turbulent Times – An SME Focus | An Infosecurity Europe 2024 Conversation with Don Gibson and Emma Philpott | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jun 5, 2024 30:36


Guests:
Don Gibson, CISO, Kinly
On LinkedIn | https://www.linkedin.com/in/don-gibson-cyber/
Emma Philpott, CEO, IASME Consortium
On LinkedIn | https://www.linkedin.com/in/emphilpott/
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes

In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli explore the intricacies of cybersecurity budget management and expenditure prioritization at the Infosecurity Europe event in London. The conversation kicks off with Sean and Marco discussing the challenges of balancing a minimalist approach with the need for robust security programs. The discussion swiftly transitions into budgeting strategies where the hosts are joined by guests Emma Philpott, CEO of IASME, and Don Gibson, Chief Information Security Officer (CISO) of Kinly. Emma provides insights into her role at IASME, highlighting their work on the Cyber Essentials program aimed at ensuring basic technical security controls. Don shares his experiences at Kinly, dealing with audiovisual technologies and their importance in security. The dialogue explores the difficulties organizations face, particularly around budget constraints, legacy technology, and the need for consistent investment in security measures.

A significant portion of the episode is dedicated to the challenges faced by various-sized companies, from micro-businesses to large corporations, in implementing effective cybersecurity measures. Emma stresses the importance of making security accessible to smaller entities and the efforts IASME is making to provide free guidance and support. Don emphasizes the importance of clear communication and leadership at the board level to properly budget for cybersecurity, balance technology and staff investment, and avoid the pitfalls of over-reliance on either.

The conversation also touches on the role of community and support networks within the cybersecurity realm. Both Don and Emma highlight the value of having trusted groups where professionals can share experiences, seek advice, and offer mental health support. They underscore how such communities foster a culture of openness and mutual assistance, which is crucial in an industry often grappling with high-pressure incidents and rapid technological changes.

The episode wraps up with a discussion on the dynamics of cybersecurity as a competitive advantage and the evolving nature of security leadership. Emma and Don explain how achieving certifications like Cyber Essentials can provide business benefits beyond compliance, such as improved insurance outcomes and differentiation in the marketplace. Don challenges CISOs to think creatively about how cybersecurity can become a revenue-generating aspect of the business, reinforcing the need for innovative and dynamic leadership in the field.

Tune in to learn more about budgeting, community support, and forward-thinking leadership in cybersecurity from the vibrant InfoSecurity Europe event.

Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage
On YouTube:

Redefining CyberSecurity
Maximising Your Budget Effectively in Turbulent Times – An SME Focus | An Infosecurity Europe 2024 Conversation with Don Gibson and Emma Philpott | On Location Coverage with Sean Martin and Marco Ciappelli

Redefining CyberSecurity

Play Episode Listen Later Jun 5, 2024 30:36



Tate Talks - The TotallyMSP Podcast
S7E1: Tate Talks - With Mostyn Thomas, Pax8

Tate Talks - The TotallyMSP Podcast

Play Episode Listen Later May 14, 2024 49:58


Welcome to Season Seven of Tate Talks.

We kick off with an excellent chat with Mostyn Thomas, Senior Director of Security, EMEA at Pax8.

We covered a lot of topics including the barking dog in Hound dog, big wallets of CDs and the 3 Cybers.

Podcasts Mentioned
Tate Talks (Obviously)
TubbTalk Podcast - Tubblog: The Hub for MSPs
The Business of Tech – MSP Radio: The Voice of the Solution Provider
High Performance (thehighperformancepodcast.com)
IT Experts Podcast with Ian Luckett (libsyn.com)
and my arch nemesis when it comes to the podcast charts: The Diary Of A CEO with Steven Bartlett | No.1 Podcast

Books
The Extra Mile - Kevin Sinfield
Limitless - Jim Kwik
The Tipping Point - Malcolm Gladwell
Rebel Ideas - Matthew Syed
Unreasonable Hospitality: The Remarkable Power of Giving People More Than They Expect - Will Guidara
and it wouldn't be a Tate Talks without... Atomic Habits - James Clear

About Mostyn
Mostyn Thomas is a cybersecurity expert and Senior Director of Security at Pax8 EMEA, where he leads security operations and delivers impactful cybersecurity training for partners. With over two decades of experience leading an MSP, Mostyn's expertise enhances partner security, mitigates risks, and fosters growth. His commitment to cybersecurity education has a profound impact within the tech community. As a qualified Cyber Essentials assessor, he holds security qualifications from CompTIA, the British Computer Society, and the National Cyber Security Centre.

Connect with Mostyn on LinkedIn here and check out the Pax8 website here

Music - https://www.purple-planet.com

Financial Crime Weekly Podcast
Financial Crime Weekly Episode 105

Financial Crime Weekly Podcast

Play Episode Listen Later Apr 28, 2024 37:02


Hello, and welcome to episode 105 of the Financial Crime Weekly Podcast, I'm Chris Kirkbride. This week has been yet another busy week for financial crime, which as I've still been ill, I still have done without. Sanctions news brings coordinated action against the Iranian drone production, and its suppliers. On bribery, more news on China and Ukraine getting their houses in order. The money laundering news comes with warnings on the role of cash couriers in funding terrorism, and some trouble in the EU over the FATF's grey list and jurisdictions recently removed from it. There are also stories on the scale of government fraud in the US, and in the UK, the Serious Fraud Office has published its strategy for the next five years. There is also a round-up of this week's cyber news. Let's crack on.

As usual, I have linked the main stories flagged in the podcast in the description. These are:

Council of the European Union, Why the EU adopts sanctions.
Delegation of the European Union to Uzbekistan, European Union, EU Consortium and UNDP join efforts to support the anti-corruption effort of the Government of Uzbekistan.
Department for Education, Policy paper – DfE counter-fraud policy: summary.
European Parliament, Adoption of new rules to combat money laundering.
European Parliament, New EU rules to combat money-laundering adopted.
Financial Conduct Authority, Consultation Paper CP24/9***: Financial Crime Guide Updates.
National Cyber Security Centre, Exploitation of vulnerability affecting Palo Alto GlobalProtect Gateway.
National Cyber Security Centre, Pathways: exploring a new way to achieve Cyber Essentials certification.
Office of Financial Sanctions Implementation, Financial Sanctions Notice: Iran.
Office of Financial Sanctions Implementation, Guidance: Legal Services General Licence.
Serious Fraud Office, SFO Strategy 2014 – 2019.
South African Government, Non-profit Sector in South Africa Assessed for Exposure to Terrorist Financing Risk (press release).
South African Government, Terrorist Financing: Risk Assessment for the Non-profit Organisation Sector in South Africa.
The Guardian, Peter Hain calls for inquiry into MoD's alleged role in Saudi bribes scandal.
Transparency International, Unfinished Business: Despite FATF Money Laundering List exit, UAE has much to prove.
UK government, UK targets Iran's ability to launch drones through new round of sanctions.
US Department of Justice, Two Florida Steel Traders Sentenced for Money Laundering and Russia-Ukraine Sanctions Violations.
US Department of Justice, Former Comptroller General of Ecuador Convicted for $10M International Bribery and Money Laundering Scheme.
US Department of Justice, Laboratory Owners Charged in $36M COVID-19 Testing Fraud Scheme.
US Department of State, United States Imposes Sanctions on Suppliers Contributing to Ballistic Missile Proliferation.
US Department of State, U.S. Imposes Sanctions on Suppliers to Pakistan's Ballistic Missile Program.
US Department of the Treasury, Treasury Designates Entities Involved in Raising Funds for Violent Extremists in the West Bank.
US Department of the Treasury, G7 Cyber Expert Group Conducts Cross-Border Coordination Exercise in the Financial Sector.
US Department of the Treasury, Treasury Targets Networks Facilitating Illicit Trade and UAV Transfers on Behalf of Iranian Military.
US Government Accountability Office, Fraud Risk Management: 2018-2022 Data Show Federal Government Loses an Estimated $233 Billion to $521 Billion Annually to Fraud, Based on Various Risk Environments.
US Government Accountability Office, Report to Congressional Committees: Fraud Risk Management.
US Office of Foreign Assets Control, Settlement Agreement between the U.S. Department of the Treasury's Office of Foreign Assets Control and SCG Plastics Co., Ltd.
US Office of Foreign Assets Control, Treasury Designates Iranian Cyber Actors Targeting U.S. Companies and Government Agencies.
World Bank, Unveiling the hidden: The crucial role of beneficial ownership registers in promoting transparency and accountability.

TubbTalk - The Podcast for IT Consultants
[Bonusode] How One MSP Expert Overcame Imposter Syndrome for International Success

TubbTalk - The Podcast for IT Consultants

Play Episode Listen Later Apr 10, 2024 26:04


In this episode, Richard speaks to Tom Welton, a Solutions Engineer at Pax8. Previously working in their Colorado office, he has been based in the UK since the company opened their first European location. After getting special dispensation from the British government to move over in the middle of the covid pandemic, Tom has since helped Pax8 to establish several offices in the UK and the wider EMEA.

Speaking in person at Channel Live 2024 in Birmingham, Tom explains his background and experiences at Pax8 to Richard. He shares how he overcame his imposter syndrome and what a Solutions Engineer does.

Richard and Tom also discuss why they enjoy attending in-person channel events, how MSPs are using AI and why it's important to be aware of data protection and security requirements when using publicly-available tools like ChatGPT.

Mentioned in This Episode
IT Industry Association: CompTIA
AI tool: ChatGPT
AI tool: Microsoft CoPilot
Cybersecurity accreditation: Cyber Essentials

Financial Crime Weekly Podcast
Financial Crime Weekly Episode 92

Financial Crime Weekly Podcast

Play Episode Listen Later Jan 28, 2024 30:02


Hello, and welcome to episode 92 of the Financial Crime Weekly Podcast, I'm Chris Kirkbride. It is yet another busy week for financial crime. There is news of co-ordinated action against a Russian cyber-criminal by the Australian, US, and UK authorities. On money laundering, there has been a range of updates to the law in the UK, and we end this week with a range of cyber-attack news stories. Lots to get into, so let's crack on.

As usual, I have linked the main stories flagged in the podcast in the description. These are:

Centre for Research on Energy and Clean Air, Insuring an invasion: UK insures EUR 46.4 bn Russian oil since sanctions.
Council of the European Union, Sudan: Council adds six entities to EU sanctions list.
Department for Science, Innovation and Technology, Business leaders urged to toughen up cyber attack protections (press release).
Department for Science, Innovation and Technology, Cyber Governance Code of Practice: call for views.
Europol, Three arrested for exporting military goods to Russia.
Foreign, Commonwealth & Development Office, UK, US and Australia sanction key figures in Hamas's financial network.
HM Treasury, Guidance: Money Laundering Advisory Notice: High Risk Third Countries.
Institute of International Finance and Deloitte, Global financial crime prevention, detection and mitigation: Building on progress, addressing evolving priorities and achieving effective outcomes.
National Crime Agency, UK warns of criminal sanctions evasion through artwork storage facilities (press release).
National Crime Agency, Amber ALERT: Financial Sanctions Evasion, Money Laundering & Cultural Property Trafficking Through the Art Storage Sector.
National Cyber Security Centre, Cyber Essentials: are there any alternative standards? (Blog post).
National Cyber Security Centre, Global ransomware threat expected to rise with AI, NCSC warns (press release).
National Cyber Security Centre, Report: The near-term impact of AI on the cyber threat.
Office of Financial Sanctions Implementation, Financial Sanctions Notice: Counter-Terrorism (International).
Office of Financial Sanctions Implementation, Who is subject to financial sanctions in the UK?
Office of Financial Sanctions Implementation, Financial Sanctions Notice: Cyber.
Office of Financial Sanctions Implementation, Financial Sanctions Notice: Yemen.
Office of Financial Sanctions Implementation, Financial sanctions: Cyber.
Office of Foreign Assets Control, U.S., UK, and Australia Target Additional Hamas Financial Networks and Facilitators of Virtual Currency Transfers.
Office of Foreign Assets Control, United States, Australia, and the United Kingdom Sanction Russian Cyber Actor Responsible for the Medibank Hack.
Peter Hain, Bring looters to justice with an International Anti-Corruption Court.
UK Legislation, The Money Laundering and Terrorist Financing (High-Risk Countries) (Amendment) Regulations 2024 SI No 69.
US Department of State, Terrorist Designation of the Houthis.
US Department of State, Executive Order 13224.
Vatican, Procedura in materia di segnalazioni ai sensi dell'art. 7 dello Statuto dell'Ufficio del Revisore Generale, 24.01.2024.

The ISO Show
#160 What were our Top 5 most popular episodes in 2023?

The ISO Show

Play Episode Listen Later Jan 4, 2024 56:30


Before we dive into the new year, we'd like to take a step back and reflect on 2023.

Last year was filled with a lot of topics and challenges, from tackling the transition to ISO 27001:2022, to finding credible ways to offset your carbon emissions within the UK. With a total of 33 episodes published last year, Mel looks back on the 5 most popular episodes of 2023, including some highlights from each episode.

You'll learn
· What were the top 5 most popular podcast episodes of 2023?
· A highlight from each of the top 5 episodes

Resources
· The ISO Show

In this episode, we talk about:

[00:45] Editor shoutout – A special shout out to the Blackmores Communication Manager, Steph Churchman, who helps organise, produce and publish the ISO Show podcast!

[01:20] Information Security was a favorite topic for 2023 – ISO 27001:2022 was definitely a hot topic in 2023, which is not a surprise seeing as anyone currently certified to ISO 27001:2013 will need to transition to the latest standard by October 2025. Many were making a start on this in 2023, or looking to plan it in for 2024.

[02:10] #1: Episode 128 What's new with ISO 27001:2022? – Originally published as part of a series of podcasts explaining the new Standard. This episode focuses on a high-level overview of the major changes. Here are a few highlights from the snippet:
· Steve gives an overview of what's new in ISO 27001:2022 – The updated version of ISO 27001 was released on the 26th Oct 2022. The new version included 24 changes and clarifications within the main clauses.
· The controls for the new standard are now categorised into 4 groups: Organisation, People, Physical and Technology
· We covered some of the new controls in more detail in previous episodes: #109, #110, #111, #112, #113 and #114
· The 24 changes and clarifications to Clauses include older existing clauses which have been tidied up to be more transparent. We recommend reviewing to ensure that you are complying in a way that aligns with the Standard.
· There are 11 new Controls. 56 controls from the 2013 version have been reduced to 24 with 58 remaining unchanged. So, in short, Annex A has been simplified with less duplication of controls.

[09:15] #2: Episode 130 What are the 11 new controls in ISO 27001:2022? – In this episode we brought Steve Mason back to discuss the 11 new controls in ISO 27001:2022, and delve into the context of why these were added. We also highlight some of the resources we've made available in the isologyhub, including mention of our ISO 27001 Transition Gameplan. Here are a few highlights from the snippet:
· These new controls are nothing to worry about – they are simply aligning the Standard with more modern security considerations. You may already be complying with them!
· Control A.5.7 Threat intelligence – 'To provide awareness of the organization's threat environment so that the appropriate mitigation actions can be taken.' – This can come from many different sources, such as the NCSC or local police websites. There are also additional tools you can add to detect possible phishing attacks. This also includes consideration to external threats – Information Security is about much more than just protecting data! It also includes physical security.
· Control A.5.23 Information security for use of cloud services – 'To specify and manage information security for the use of cloud services.' – More and more businesses rely on cloud-based computing. It's important to verify the security of your service provider to ensure it's adequate. You can check to see if they have any valid Information Security related credentials such as CSA Star, Cyber Essentials, SOC. You could also adopt principles of ISO 27017 (certification for cloud security), ISO 27018 (Protection of PII in the public cloud) and ISO 27701 (PII security Standard).
· Control A.5.30 ICT readiness for business continuity – 'To ensure the availability of the organization's information and other associated assets during disruption' – There are a few standards that could assist with this, including ISO 27031 (ICT readiness for Business Continuity). Those that have ISO 22301 may want to look at how ISO 27001 elements can be integrated and improved in any disaster recovery plans. ISO 27001 needs to be an integral part of any business continuity plans – not just a bolt on. Small businesses may not want to conduct a full business impact analysis, but should carry out a risk assessment around business continuity at the very least.

[21:20] #3: Episode 134 Credible Carbon offsetting with Treeconomy: We had some fantastic guests on the show last year, such as Harry Grocott – CEO of Treeconomy. We invited him on to talk about how we can demonstrate credible carbon offsetting through schemes here in the UK, and how you can avoid falling prey to greenwashing. Here are a few highlights from the snippet:
· Can we quantify the value of nature? Short answer right now is no, but there is a lot of nuance. Nature offers ecosystem services i.e. farms offer a calorific benefit, we can put a price on the value that offers. The same principle applies to resources such as wood or oil. Now we are gaining the ability to quantify CO2 removal, which is undeniably valuable to humanity.
· Other more recent services such as biodiversity projects are a bit harder to quantify – as they vary so much depending on the country. However, we are starting to assign value to these.
· How can people be sure that they don't fall prey to Greenwashing? There are 2 main issues to consider: 1) Are your carbon credits credible? 2) What claims are top management making?
· Tackling claims made by leadership: ISO standards are starting to solve this issue. There are clear requirements and certifications that need to be in place to back those claims.
· Tackling carbon credits: The carbon offsetting market is heavily unregulated currently. Essentially it's a lot of people trading in invisible gas. There are a number of carbon standards (Not quite at the same level as ISO Standards), such as the Woodland Carbon Code and the Peatland Code, and Internationally there are standards such as Verra VCS – unfortunately, a lot of these standards aren't very robust and aren't enforced.
· Many companies will often look to buy the cheapest offsets available, which are likely to be non-credible and will provide no evidence of actual offsetting occurring. But, there are a lot of new companies emerging that provide tangible evidence of offsetting (such as Treeconomy)

[33:50] #4: Episode 136 dotdigital's sustainable transformation with ISO 14001 – We're always delighted to share stories about our clients' ISO journeys. In this case we got the chance to talk to Steve Shaw, the Chief Product and Technology Officer at dotdigital, about their journey to achieve ISO 14001. Dotdigital have a habit of going above and beyond when it comes to implementing ISO Standards, and this time is no different as Steve explains some of the fantastic sustainability initiatives introduced as a result of gaining certification. Here are a few highlights from the snippet:
· dotdigital was the world's first carbon neutral marketing automation platform that was ISO 14001 certified. They also aim to be net zero by 2030!
· They have a relatively small footprint as a primarily digital based company, only really having to consider the running of computers, air conditioning and standard office facilities. So it can be a challenge to reduce!
· What led to the success of dotgreen? – dotdigital launched a group called dotgreen, which has since thrived into a community of likeminded individuals all working together to improve and reduce dotdigital's impact. They were fortunate to have an Executive group sponsor who can take ideas and suggestions to other leadership for consideration. This grassroots group encourages suggestions from everyone – no idea is a bad idea. Over time, the group evolved and helped to develop a sustainability programme for the business.
· What was one of the initiatives implemented from dotgreen? – They identified that existing data centers used by the business weren't always utilising renewable energy. So, over the course of 2 years, they worked with Microsoft to build on their Azure platform to enable dotdigital to make the switch. Azure runs on renewable energy sources, and any remaining emissions can be offset through carbon credits.
· A green option for their customers – As a result of their cloud platform now being run through green partners, they can extend the environmental benefit to their customers.

[42:25] #5: Episode 135 Emerging SaaS Trends in Health and Safety – Health and Safety can be quite the task to keep on top of, a well known fact for anyone certified to ISO 45001. Thankfully, there are a number of Software as a Service options out there to make the lives of Health and Safety professionals much easier. New and emerging technologies are only going to develop more rapidly with the integration of AI and machine learning. We invited James Sharp, Chief Technical Officer at Riskex, onto the show to discuss the top 10 emerging SaaS trends, including how each can help streamline processes and gather and analyse large amounts of data. Here are a few highlights from the snippet:
· Riskex have been certified to a number of ISO Standards, including ISO 18001 (Prior Health and Safety Standard, now certifying to the latest version, ISO 45001), ISO 27001 (Information Security) and ISO 9001 (Quality Management)
· Software as a Service became very popular during Covid, as businesses became very fragmented and were looking for solutions that could be rolled out across multiple sites. Riskex also created their own track and trace system based on established software they were already offering – helping businesses manage Covid safely.
· Trend #1 – Artificial Intelligence – Artificial learning is all around us and with vast volumes of data being collected by safety management platforms. AI allows decision engines to predict and provide guidance based on key trends or established KPIs. For example, if accident rates were to increase but at the same time risk levels have been reducing, it could soon highlight this trend and look at other surrounding data or previous trends to establish a pattern. This will lead to a more pro-active approach to reporting and subsequent decision-making.
· Trend #2 – API Connectivity – Providing an open API platform will allow businesses to integrate internal systems and external services to digest data. As more organisations adopt Cloud solutions, connectivity between platforms has become increasingly important. With a robust API offering, multiple business services can interact with ease and become part of the safety management space, without incurring significant cost or time.
· Trend #3 – Low-Code Optimisation – Developing generic components within software to allow for quicker builds, implementations and tailoring requests. As stand-alone and generic component development increases, solutions can offer more flexibility and self-serve options to the end user to assist them with aligning platforms with their specific processes.
· Trend #4 – Mobile Optimisation – More and more end-users are accessing health and safety software via their mobiles but for various reasons, are not always able to use native apps (installed on the device). Therefore, health and safety software platforms need to adapt for use on multiple devices, without the loss of features.

We can't wait to dive into new topics this year! If you'd like to request a specific topic, or be a guest on a future episode, get in contact and let us know.

We'd love to hear your views and comments about the ISO Show, here's how:
· Share the ISO Show on Twitter or Linkedin
· Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List

ITSPmagazine | Technology. Cybersecurity. Society
Managing the Current Demands of a Cyber Workforce Whilst Looking to Secure the Workforce of the Future | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Paul Watts

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jun 14, 2023 29:59


Guest: Paul Watts, Distinguished Analyst at Information Security Forum [@securityforum]
On LinkedIn | https://www.linkedin.com/in/paulewatts
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
This Episode's Sponsors
Pentera | https://itspm.ag/penteri67a
Semperis | https://itspm.ag/semperis-1roo
✨ ➤ Sponsorship Signup Is Now Open — And Yes, Space Is Limited!
____________________________
Episode Notes

As part of the traditional Chats on the Road to Infosecurity Europe 2023 series, hosts Sean Martin and Marco Ciappelli welcome Paul Watts, keynote speaker, to discuss the importance of communication, collaboration, and diversity in cybersecurity.

The conversation touches on several topics, including the need for security professionals to understand customer needs, the importance of being agile and forward-thinking, and the value of having a nurturing relationship with the business. They also discuss Paul's session on the cybersecurity workforce, where he advocates for creativity and skills beyond just technical expertise.

Overall, the episode emphasizes the need for constant, progressive conversations and relationships with the business, recognizing that change is a two-way street. Paul invites listeners to join his sessions at InfoSecurity Europe and engage in meaningful conversations. We look forward to seeing you there!
____________________________
Resources

Learn more, explore the programme, and register for Infosecurity Europe: https://itspm.ag/iseu23

Catch Paul's session: Managing the Current Demands of a Cyber Workforce Whilst Looking to Secure the Workforce of the Future

Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverage

Catch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B
____________________________
If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).

Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndl

For more ITSPmagazine advertising and sponsorship opportunities:

Redefining CyberSecurity
Managing the Current Demands of a Cyber Workforce Whilst Looking to Secure the Workforce of the Future | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Paul Watts

Redefining CyberSecurity

Play Episode Listen Later Jun 14, 2023 29:59



TubbTalk - The Podcast for IT Consultants
The Best Cybersecurity Resources for MSPs You Need to be Aware of

TubbTalk - The Podcast for IT Consultants

Play Episode Listen Later Jun 11, 2023 70:00


In this interview, Richard speaks to Mostyn Thomas, the Senior Director of Security at Pax8. He's responsible for overseeing the company's channel security operations, empowering Pax8 partners to reduce risk, improve efficiency, and ultimately grow their business. Mostyn has more than 20 years of experience working with managed service providers, including founding Astrix Integrated Systems in 2001. He's a Cyber Essentials trainer and holds a range of security qualifications.

Richard and Mostyn discuss the shift to a cybersecurity focus in the IT space and why Pax8 are so popular. Mostyn shares his experience of transitioning from IT provider to cybersecurity expert to vendor and what a typical day looks like as the director of security. Mostyn shares his advice on how MSPs can support clients who only have small cybersecurity budgets, the one cybersecurity tool every SMB should have and the threats they need to be aware of.

Richard asks Mostyn to share the best resources to stay up to date with cybersecurity trends, where he goes for advice, his inspirations and mentors. They also look at the number one mistake MSPs make and how to have a security-first mindset.

Mentioned in This Episode
Graham Cluley
Ian Thornton-Trump
Wes Spencer
Jennifer Bleam
CompTIA
Karl Palachuk
National Cyber Resilience Centre
Cyber Essentials
Acronis
Connect Secure
SentinelOne
Simon Sinek
Jim Collins – Good to Great
Malcolm Gladwell
Chip and Dan Heath
Matthew Syed – Black Box Thinking

ITSPmagazine | Technology. Cybersecurity. Society
Infosecurity Europe 2023 Keynote Sneak Peek | Deciphering Cybersecurity Readiness: A Global Perspective | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Ian Hill

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 23, 2023 28:14


Guest: Ian Hill, Director of Information and Cyber Security at Upp Corporation [@getonupp]
On LinkedIn | https://www.linkedin.com/in/ian-hill-95123897/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode's Sponsors
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this Chats on the Road to Infosecurity Europe Conference podcast episode, Ian Hill, a cybersecurity veteran with 25 years in the field, and current Director of Information and Cybersecurity at Upp Corporation, shares his knowledge and experiences. He provides valuable insights into compliance, readiness, and the global challenges that affect cybersecurity.

A main focus is the interplay between compliance and security. Hill emphasizes the importance of prioritizing a robust security strategy that organically leads to compliance, rather than letting compliance requirements dictate security measures. This perspective offers a redefined take on building an effective cybersecurity framework.

The conversation also explores the concept of readiness in cybersecurity. In a domain where technology continually outpaces regulations, understanding what constitutes readiness is not straightforward. However, the discussion highlights its importance in preparing organizations to respond to evolving threats.

The conversation pivots to get a view of global cybersecurity, discussing the cross-border challenges that organizations face in our interconnected world. Hill underscores the implications of navigating diverse laws, cultural attitudes, and standards in a global company, and points to an increasing need for international cooperation to manage the complex, ever-changing threat landscape.

Have a listen. Enjoy. And be sure to catch Ian's keynote presentation and panel discussion during the conference.

Resources
Learn more, explore the programme, and register for Infosecurity Europe: https://itspm.ag/iseu23
Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverage
Catch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B

If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).
Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndl

Redefining CyberSecurity
Infosecurity Europe 2023 Keynote Sneak Peek | Deciphering Cybersecurity Readiness: A Global Perspective | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Ian Hill

Redefining CyberSecurity

Play Episode Listen Later May 23, 2023 28:14



The Fuel Podcast
Christopher Chave-Cox: Let's Work Together

The Fuel Podcast

Play Episode Listen Later Mar 6, 2023 71:32


Forward-thinking agencies are creating dynamic workplaces for their teams that help them seamlessly transition between the work office and the home office. And it's a lot more complex than just setting up a Zoom account on a laptop. How do you deal with security, confidentiality, flexibility, mental wellness and oversight?

Christopher Chave-Cox (CCC) runs The Intelligent Workspaces Partnership – a tech company dedicated to helping companies adapt to the new paradigm. From building specs to installation and deployment, IWP is at the vanguard of the modern workplace. In this show, CCC shares some insights into what's needed to create a workplace that people want to call their second home – spoiler alert – you're going to need more than an Air Hockey table.

What tech do you need at home? What tech does the company need? Who pays for what? What buildings will function as an approved workspace by 2025? How are other countries preparing to meet the needs of the modern worker? And most of all, how can creative agencies manage this when so much of their work demands collaboration? There's also some great new business insight into the property market! It's all here in a fantastic hour of literal office banter!

Chris Chave-Cox on LinkedIn: https://www.linkedin.com/in/christopher-chave-cox-54712929/
Cyber Essentials: https://www.ncsc.gov.uk/cyberessentials
GCHQ Cybersecurity: https://www.gchq.gov.uk/section/mission/cyber-security

The ISO Show
#130 What are the 11 new controls in ISO 27001:2022?

The ISO Show

Play Episode Listen Later Feb 1, 2023 35:11


ISO 27001, The Information Security Standard, was updated in October 2022. While there is a 2-year grace period for transition, we would urge everyone to make a start on implementing the changes to ensure you are compliant with the latest best practice standards. Over the last two episodes, we've gone over the key changes and explored the specific clause updates in more detail. As mentioned in the first episode of this mini-series, there have been 11 new controls added to ISO 27001:2022. Mel is once again joined by Steve Mason, Managing Consultant here at Blackmores, to discuss the 11 new controls added to ISO 27001:2022 and their purpose.

You'll learn
What are the 11 new controls in ISO 27001:2022?
Why have these been added?
What is their purpose?

Resources
Isologyhub
NIST
Cyber Essentials
ISO 22301

In this episode, we talk about:

[01:00] A quick overview of the key changes: 56 controls combined into 24 newly titled controls, 11 new controls added and 58 existing controls remained unchanged.

[02:30] We have been over a few of the new controls in ISO 27002:2022 in more detail in a few previous episodes: #111, #112, #113, #114

[02:50] These new controls are nothing to worry about – they are simply aligning the Standard with more modern security considerations. You may already be complying with them!

[03:32] Control A.5.7 Threat intelligence – 'To provide awareness of the organization's threat environment so that the appropriate mitigation actions can be taken.' – This can come from many different sources, such as the NCSC or local police websites. There are also additional tools you can add to detect possible phishing attacks. This also includes consideration of external threats – Information Security is about much more than just protecting data! It also includes physical security.

[05:33] Control A.5.23 Information security for use of cloud services – 'To specify and manage information security for the use of cloud services.' – More and more businesses rely on cloud-based computing. It's important to verify the security of your service provider to ensure it's adequate. You can check to see if they have any valid Information Security related credentials such as CSA Star, Cyber Essentials, SOC. You could also adopt principles of ISO 27017 (certification for cloud security), ISO 27018 (Protection of PII in the public cloud) and ISO 27701 (PII security Standard).

[08:30] Control A.5.30 ICT readiness for business continuity – 'To ensure the availability of the organization's information and other associated assets during disruption' – There are a few standards that could assist with this, including ISO 27031 (ICT readiness for Business Continuity). Those that have ISO 22301 may want to look at how ISO 27001 elements can be integrated and improved in any disaster recovery plans. ISO 27001 needs to be an integral part of any business continuity plans – not just a bolt-on. Small businesses may not want to conduct a full business impact analysis, but should carry out a risk assessment around business continuity at the very least.

[11:30] Control A.5.30 ICT readiness for business continuity – further considerations: A key focus of this part of the Standard is Recovery Time Objectives and Recovery Point Objectives. Overall, the whole business continuity aspect of the updated ISO 27001:2022 may take a bit of work to implement, but you will ultimately be much better off in the event of a disaster or security incident. For further guidance, you may want to check out an older non-certifiable standard, BS 25777 (ICT continuity).

[13:20] Control A.7.4 Physical security monitoring – 'To detect and deter unauthorized physical access.' – This can include things like CCTV, access control, swipe cards etc. This also includes the ability and regular practice of monitoring these access methods, for the purpose of detecting any anomalies.

[18:56] Control A.8.9 Configuration management – 'To ensure hardware, software, services and networks function correctly with required security settings, and configuration is not altered by unauthorized or incorrect changes' – Configuration for things like a firewall, software, any hardware devices, passwords etc. should be documented, explained and monitored on a regular basis to ensure nothing has been changed without notifying the relevant people. ISO 20000 includes a helpful section around configuration if you require further guidance.

[21:41] Control A.8.10 Information deletion – 'To prevent unnecessary exposure of sensitive information and to comply with legal, statutory, regulatory and contractual requirements for information deletion.' – This already existed in the Standard; it has simply been clarified further. You will now need to prove that data has been deleted as required. If you use a 3rd party for this, they will need to provide the relevant certificates.

[22:05] Control A.8.11 Data Masking – 'To limit the exposure of sensitive data including PII, and to comply with legal, statutory, regulatory and contractual requirements.' – You have 3 options for data masking: obfuscation, pseudonymisation and anonymisation. This also helps to comply with GDPR requirements.

[24:10] Control A.8.12 Data leakage prevention – 'To detect and prevent the unauthorized disclosure and extraction of information by individuals or systems.' – This control has made a return from the 2005 version of ISO 27001. Businesses should have systems in place to monitor any particularly large data downloads – or even possibly large print batches. You should also ensure that you have a secure email system in place as well as VPNs and regular security training to shore up your security to prevent any potential leaks.

[27:00] Control A.8.16 Monitoring Activities – 'To detect anomalous behaviour and potential information security incidents.' – Appropriate monitoring should be in place to detect any potentially dangerous or malicious behavior.

[28:00] Control A.8.23 Web Filtering – 'To protect systems from being compromised by malware and to prevent access to unauthorized web resources.' – Your systems should be set up in a way to prevent people from accessing unsecure or unsavory sites. This could include Social Media sites – but be mindful that there may have to be exceptions for marketing or communications personnel for those particular sites.

[28:00] Control A.8.28 Secure Coding – 'To ensure software is written securely thereby reducing the number of potential information security vulnerabilities in the software.' – If you have created your own secure coding, be sure to evaluate it against industry professional standards such as OWASP and NIST.

As a reminder, we'll be running a mini-series through January and February on the updated ISO 27001:2022 in addition to how you can transition to the new version. Keep an eye out for next week's episode where we dive into the clause clarifications and control changes of ISO 27001:2022…

We'd love to hear your views and comments about the ISO Show, here's how:
Share the ISO Show on Twitter or LinkedIn
Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List

The ISO Show
#129 What clauses have been updated in ISO 27001:2022?

The ISO Show

Play Episode Listen Later Jan 25, 2023 15:05


As many of you are aware, an updated version of ISO 27001 was published in October 2022. While there is a 2-year grace period for transition, we would urge everyone to make a start on implementing the changes to ensure you are compliant with the latest best practice standards. But where do you start? In the last episode, Mel and Steve gave an overview of the updated ISO 27001:2022, including a high-level look at some of the key changes. In addition to the control changes, there have been several changes made to specific clauses within the Standard. Mel is once again joined by Steve Mason, Managing Consultant here at Blackmores, to discuss the ISO 27001:2022 clause updates and their purpose.

You'll learn
What clauses have been updated from the 2013 version of ISO 27001?
Why have these clauses been updated?

Resources
Isologyhub
NIST
Cyber Essentials
ISO 9001

In this episode, we talk about:

[01:06] The changes to these clauses appear to align your Management System with the business more so than in the previous iteration of ISO 27001 – a key focus is integration.

[01:20] First change: Clause 4.2 Understanding the needs and expectations of Interested parties – 'c) which of these requirements will be addressed through the information security management system.' – This seeks to align the Management System with interested parties and identify where it may or may not be able to meet their needs and expectations.

[03:30] Clause 4.4 Information Security Management System – 'The organization shall establish, implement, maintain and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document.' – There will be more focus on process flows and not Policies and Procedures. This can be further used to align the Management System with your business, by clearly identifying where it fits in with your business activities.

[06:14] Clause 5.1 Leadership – 'Reference to "business" in this document can be interpreted broadly to mean those activities that are core to the purposes of the organization's existence.' – This acts more as a reminder to top management to ensure they include the Management System as part of the business and not just a bolt-on. It should be a part of the strategy and part of the business (part of the ship, part of the crew).

[07:42] Clause 6.1.3 Information Security Risk Treatment – Note 2 in sub-clause 'c' now states 'Annex A contains a list of possible information security controls.' (It had previously read 'Annex A contains a comprehensive list of control objectives and controls.') – This simply means that you can add references to other controls outside of the list provided within Annex A, i.e. NIST or Cyber Essentials. Though, do be careful to avoid doing this at minutia level, as that just increases Management System maintenance.

[09:15] Clause 6.2 Information security objectives and planning to achieve them – A couple of extra points have been added to this clause: 'd) be monitored' and 'g) be available as documented information' – The monitoring was previously a given, but not really specified. So now, you'll have to demonstrate how you're monitoring objective planning and achievements.

[10:24] Clause 6.3 Planning of Changes – 'When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner.' – This has now been aligned more with ISO 9001's approach to changes. All changes should be planned before implementation, and this now includes information security consideration. Fun fact – they forgot to include this clause in the Standard table of contents! (As of January 2023, this will probably be added later!)

[11:55] Clause 9.3.2 Management Review Inputs – 'c) changes in needs and expectations of interested parties that are relevant to the information security management system' – This just ensures that the needs and expectations of your Interested Parties are reviewed and not just left stagnant.

[13:20] To help you revamp your Management Review, check out episodes #99 and #100

As a reminder, we'll be running a mini-series through January and February on the updated ISO 27001:2022 in addition to how you can transition to the new version. Keep an eye out for next week's episode where we dive into the clause clarifications and control changes of ISO 27001:2022…

Financial Crime Weekly Podcast
Financial Crime Weekly Episode 41

Financial Crime Weekly Podcast

Play Episode Listen Later Jan 15, 2023 19:55


Hello, and welcome to this week in financial crime. I'm your host, Chris Kirkbride. The world of financial crime gets a bit busier this week as 2023 starts to warm up. A good range of fraud stories, with a lot from the UK National Cyber Security Centre, including some interesting free events to attend. The UK Financial Conduct Authority has been busy too. Let's just get on with it.

These are the links to the principal documents mentioned in the podcast:
Companies House, Register of Overseas Entities Reminder Letter.
Companies House, Disposing of UK property as an overseas entity.
Council of Europe, Criminal Law Convention on Corruption.
Financial Action Task Force, Consolidated Assessment Ratings.
Financial Conduct Authority, Final Notice: Guaranty Trust Bank (UK) Ltd.
Financial Conduct Authority, FCA fines Guaranty Trust Bank (UK) Limited £7.6million for further failures in its anti-money laundering systems and controls.
Financial Conduct Authority, Final Notice: Al Rayan Bank plc.
Financial Conduct Authority, FCA penalises Al Rayan Bank PLC for anti-money laundering failures.
Financial Conduct Authority, Letter to wholesale brokers.
Financial Conduct Authority, Market Watch 62.
Financial Conduct Authority, Market Watch 69.
Financial Conduct Authority, 2023 Fines.
Insolvency Service, Coventry artist hit with 7-year ban for abusing Bounce Back Loan.
National Cyber Security Centre, NCSC Digital Loft: Updating the Cyber Essentials technical requirements for 2023.
National Cyber Security Centre, NCSC Digital Loft: Incident Management & the cyber threat from Russia.
National Cyber Security Centre, Threat Report 13th January 2023.
Office for Professional Body Anti‑Money Laundering Supervision (OPBAS), Sourcebook for professional body anti‑money laundering supervisors.
Spotlight on Corruption, From Serious Farce to Serious Force – 4 priorities for beefing up the Serious Fraud Office in 2023.
Spotlight on Corruption, Tribunal's Covid loan scheme ruling should not let the government off the hook.

Today's Conveyancer Podcast
The perils of paying lip service to cyber risk

Today's Conveyancer Podcast

Play Episode Listen Later Sep 16, 2022 25:31


In this latest Today's Conveyancer podcast, host David Opie is joined by Emma Green, Managing Partner at Cyber Data Law Solicitors. A regular commentator on national radio and television, Emma is an expert on cyber crime and, alongside spending her time educating firms on the perils of cyber attack, has also spent time negotiating with criminal organisations on behalf of firms who have been attacked.

Emma lends her experience and insight to the Today's Conveyancer podcast, where she discusses why the cyber risk message simply isn't getting through. We have seen a number of large legal organisations affected in just the last couple of months. With experience dealing with insurance providers, Emma also discusses the merits of the various online security badges and marks available (Cyber Essentials etc.) and how they are viewed by insurers.

She also explains how a firm's greatest risk is its people and constant diligence is required to protect ourselves from the increasingly sophisticated efforts of cyber criminals. And alongside some top "prevention is better than cure" tips, Emma shares her thoughts on what firms need to do in the immediate aftermath of a cyber attack.

The Today's Conveyancer podcast can be found on your preferred podcast provider and also at www.todaysconveyancer.co.uk. Subscribe and listen in for all the latest conveyancing industry news and views.

Smooth Accounting Podcast
Episode 10 - Cyber security essentials you must be doing! with Peter Slack

Smooth Accounting Podcast

Play Episode Listen Later Jul 15, 2022 61:15


In this episode of the podcast, Jeri is joined by Peter Slack, CEO of Orbital. Peter runs through 7 of the most important IT security essentials all businesses should be taking, including:
Passwords
Multi Factor Authentication
ICO
Anti-Virus
Backups
E-mail
Training

Peter's info:
https://www.linkedin.com/in/peterslack
https://orbital-it.com/

Established in 1999 and with more than 25 years' experience, we provide expert IT Support, Software/Solutions & IT Services to PC based networks & businesses. We specialise in the SME/SMB sector and provide Enterprise level IT solutions across all vertical markets. We are a cutting-edge high-level boutique company, providing experts to resolve your IT solutions. Orbital are Cyber Essentials certified and security is at the core of everything we do. We are a Managed Security Solutions Provider allowing small businesses to access enterprise level Cyber Security solutions within their budget.

Peter Slack, CEO, is experienced in delivering large scale IT projects with experience across many different IT platforms, and his relationships with suppliers are second to none. He is a Liveryman of the Worshipful Company of Information Technologists in London and has an invaluable network of IT business suppliers & board directors of the biggest IT companies globally. This has enabled the company to develop its own market leading services and unique security stack with market leading brands. As truly independent consultants we will advise on best practice and solutions for your business, whilst avoiding the many pitfalls of the technology world.

TubbTalk - The Podcast for IT Consultants
[114] How to Effectively use Cyber Essentials, GDPR and Keepabl

Jun 12, 2022 · 56:14


In this episode, Richard talks to Shabad Chawla, the founder of London-based MSP techsapiens. Its managed service framework is based on the UK's Cyber Essentials scheme and other relevant industry standards. This allows Shabad to offer a profitable niche service. Shabad tells Richard about the tech stack they use in techsapiens, how they use the Keepabl solution and their relationship with the team there. He also explains why he believes GDPR is an opportunity for MSPs. They also discuss how MSPs can find the best vendor partners to work with and why techsapiens focuses on helping clients with Cyber Essentials accreditation. Plus, Shabad shares the best and worst things about running an MSP, what he gets from MSP peer communities, and how he sees the future of the industry.

Mentioned in This Episode:
Autotask from Datto/Kaseya (https://www.datto.com/uk/products/autotask-psa/)
Sales platform: Zomentum (https://www.tubblog.co.uk/zomentum-revenue-platform/)
Documentation: IT Glue (https://www.itglue.com/)
GDPR compliance training: Keepabl (https://www.tubblog.co.uk/keepabl/)
Cybersecurity: CyberSmart (https://cybersmart.co.uk/)
UK government cybersecurity scheme: Cyber Essentials (https://www.ncsc.gov.uk/cyberessentials/overview)
Video hosting and sharing: Vimeo (https://vimeo.com/)
Create step by step guides: Tango (https://www.tango.us/)
Create step by step guides: Scribe (https://scribehow.com/)
Create step by step guides: Snagit (https://www.techsmith.com/screen-capture.html)
The Tech Tribe (https://www.tubblog.co.uk/techtribe/)
Discord channel: MSPs in the UK (https://mspsinthe.uk/)
MSP Geek Slack channel (https://join.mspgeek.com/)
AI tech support: Moveworks (https://www.moveworks.com/)
MSP admin portal: Microsoft Lighthouse (https://docs.microsoft.com/en-us/microsoft-365/lighthouse/m365-lighthouse-overview?view=o365-worldwide)
M365 monitoring: MSP Easy Tools (https://mspeasytools.co.uk/)

Security Stories
43: The right brain thinkers, with Jane Frankland

Jan 21, 2022 · 70:20


Today's guest is Jane Frankland, owner and CEO of Knewstart, and founder of the IN Security movement. Jane has been in the cybersecurity industry for 24 years and is an award winning entrepreneur and best selling author of "IN Security: How a failure to attract and retain more women in cybersecurity is making us all less safe". She was also named as the third most influential person in cybersecurity in the UK.

We discuss Jane's start in cybersecurity and her entrepreneurial career, including how she built a seven-figure business within two years. She has held senior executive roles and been actively involved in OWASP, CREST and Cyber Essentials. We discuss her activism around attracting and retaining women in the industry, and why we need more right brain thinkers.

Plus, Jane talks about her latest venture, "The Source", a platform for women in cybersecurity and businesses who value them. Find out more.

Before that, for our opening topic we are delighted to welcome Decipher's Executive Editor Lindsey O'Donnell-Welch and Editor-in-Chief Dennis Fisher to discuss what we know about the cybersecurity situation currently in Ukraine (note we recorded this on 20th January and it's a very fluid situation). Decipher is an independent editorial website covering security news, exploring the impact of the latest risks and providing informative and educational material for readers intent on understanding how security affects our world.

Episode timings:
0.00 - 13.46: Opening topic with Decipher
13.47 - 69.24: Interview with Jane Frankland
69.25 - 70.16: Closing thoughts

Hacked Off
106. Simon McNamee: Optimising Security Services

Oct 29, 2021 · 43:11


In this episode of Hacked Off, Holly interviews Simon McNamee - Secure Impact's Security Technology Lead. This week, they discuss what issues security experts often encounter when working with businesses; both those with a high level of security maturity, as well as those just starting off on that journey. Holly and Simon offer some sage advice to organisations about getting the most out of their security services - it all starts with understanding the difference between these services and recognising what your business is ready for - and they also share some of their own experiences from different on-site engagements. 1:00 Defining Value 7:00 What happens when nothing happens? 10:50 Goals 13:42 Cyber Essentials & beyond 17:35 Are you ready for a pentest? 22:50 Simulating the bad guys 30:40 Creating a distraction 35:50 Not every attack is ransomware Listening time: 43 minutes Host: Holly Grace Williams, on behalf of Secarma Guest: Simon McNamee, Security Technology Lead at Secure Impact Ltd Connect with Simon: www.linkedin.com/in/samcnamee Secure Impact: www.secure-impact.com Our website: www.secarma.com Tweet us: www.twitter.com/Secarma Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

Ladies Hacking Society (LHS)
Talking Threats with the North East Regional Cyber Crime Unit - part I

Aug 17, 2021 · 56:38


Northumbria Police's Claire Vandenbroecke and Charlotte Knill from the Force's Cyber Crime Unit have joined the North East LHS Team for a triple treat! We met Claire at the NELHS Ada Lovelace Day and we wanted to invite the NERCCU back to tell us more about what they do. Claire and Charlotte usually deliver bespoke training to businesses, advising them on how to keep their systems secure, as well as working with young people with highly specialised digital skills, and they've joined NELHS in a special three-part podcast to share their expertise. The series covers everything from why you should be using two-factor authentication on your apps, to how tricks and jokes adopted by gamers could see them falling foul of the law. Charlotte said: “Cybercrime is an area of policing which is constantly evolving and changing and it is on us as a Force to adapt and make sure our staff and officers have the relevant skills to deal with offences such as ransomware attacks and hacks to phishing scams and frauds as well as sexual offences like online exploitation. “Cybercrime is ultimately something we can't arrest our way out of, even if we had all the resources in the world. The best way we can tackle cybercrime is to prevent the offences from taking place in the first instance. “A large part of my role is working with young people and getting them to understand that cybercrime is not a victimless crime – an attack on a small business for example could be devastating and have serious consequences for the owner's livelihood. “Steering teenagers away from cybercrime and showing them the vast array of jobs in the industry is a simple but effective way of preventing them using their skills in an unethical way and teaching them about the Computer Misuse Act.” In Claire's world of Cyber Protect and Prepare, businesses, organisations and charities are being issued with practical advice to block unsolicited attempts to gain access.
“A lot of what I cover in the podcast is what I'm sharing with businesses on a daily basis. They're really simple and straightforward tips from making sure your passwords are strong – we advise using three random words or a password generator which you can find online, to use two-factor authentication for your apps, as well as basic house-keeping like ensuring all your systems are up to date so no weaknesses can be exploited.” Follow Northumbria Police Northumbria Police | Facebook and @northumbriapol on Twitter For help and advice about cybercrime visit the North East Regional Cyber Crime Unit's website here: https://nerccu.police.uk/ To check your online security visit: https://haveibeenpwned.com/ How strong is your password - https://www.security.org/how-secure-is-my-password/ Cyber Essentials - https://www.ncsc.gov.uk/cyberessentials/overview Police cyber alarm - https://cyberalarm.police.uk/ Microsoft Hafnium: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ The Ladies Hacking Society is here to support women in learning and expanding their technical cyber security skills. We are women focused, not women exclusive and welcome all to our community. Twitter: https://twitter.com/NorthEastLHS @LHS_LON

Thriving Three Counties
Strength In Diversity - Emma Philpott MBE

Aug 6, 2021 · 62:13


Dr. Emma Philpott MBE is CEO of IASME Consortium Ltd, a company based just up the road at the Wyche Innovation Centre in West Malvern, which focuses on information assurance for small companies and the supply chain. They worked with the UK government to develop the Cyber Essentials scheme and were awarded the contract to be the sole NCSC Cyber Essentials Partner from April 2020. She has MBE after her name, which I look forward to hearing more about, and is also Founder and Manager of the UK Cyber Security Forum.
https://iasme.co.uk/
https://www.linkedin.com/in/emphilpott/
https://www.linkedin.com/company/the-iasme-consortium-limited/
https://twitter.com/IASME1

Understanding Cyber
Cyber Essentials Part 2 - Scope

Apr 9, 2021 · 19:06


Cyber Essentials. In this second part on the Cyber Essentials scheme we examine what its scope is, how you define your scope, and what is not in scope. Further reading: NCSC website: https://www.ncsc.gov.uk/cyberessentials/overview IASME (NCSC partner): https://iasme.co.uk/cyber-essentials/ Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

DE:CODED
Official Cyber Security Advice | S1E2

Mar 24, 2021 · 32:22


Where can large and small businesses find good, basic cyber security advice? We look at the options and discuss the UK's Cyber Essentials programme. Is it a good start or a non-starter? (Full Show Notes available on our website.)

Understanding Cyber
Cyber Essentials

Mar 1, 2021 · 11:32


Cyber Essentials. The UK has a certification scheme called Cyber Essentials to help improve cyber security. In this podcast we help you understand what the Cyber Essentials and Cyber Essentials Plus schemes are, and why you should follow the advice contained in the essentials. This podcast provides an overview of the scheme, and later podcasts will go into the detail. Further reading: NCSC website: https://www.ncsc.gov.uk/cyberessentials/overview IASME (NCSC partner): https://iasme.co.uk/cyber-essentials/ Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/

Cyber Security Happy Hour Podcast
Episode 14 Cyber Essentials Certification Overview

Dec 1, 2020 · 8:10


Welcome to the Cyber Security Happy Hour Podcast. In this episode, I give an overview of the Cyber Essentials Certification.
What is Cyber Essentials?
How do organisations get certified?
What are the main technical controls?
Who assesses the questionnaire?
Want further information on Cyber Essentials Certification? https://intexit.co.uk/cyberessentials/ https://intexit.co.uk/cyber-essentials-plus/
Enjoy.
Do you want free Cyber Security Training? Click on the link below: https://www.cybrary.it/
Free Penetration Testing Videos: https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw
This is a Cyber and Information Security Podcast. Do not forget to protect your data in transit and maintain your privacy by using our affiliate link for NordVPN.
GET NORDVPN: https://go.nordvpn.net/aff_c?offer_id=288&aff_id=41574&url_id=11219
USE COUPON CODE: intexcyber
USE THE CODE SO YOU CAN GET 70% off 3-year plan + 1 month free
You can follow us on Instagram: https://www.instagram.com/cybersechappy/
Google Podcasts: https://podcasts.google.com/feed/aHR0cHM6Ly9mZWVkLnBvZGJlYW4uY29tL3BiZ2IxZTVjMjhqemYvZmVlZC54bWw?hl=en-GB
At Intex IT website: https://intext.co.uk/podcast/
ITUNES: podcasts.apple.com/gb/podcast/cyber-security-happy-hour/id1515379723
Do not forget to subscribe to the podcast so you never miss an episode.
Instagram: @Cybersechappy

Hacked Off
077. Keeping Mobile Devices Secure

Oct 15, 2020 · 14:16


Mobile Device Management increases security, reduces risk and plays an important role in Government certified assurance models. Holly Grace discusses the role of device management for Cyber Essentials, and the challenges that come with employees using their own devices at work. Key points: 1'08 What is Mobile Device Management (MDM)? 3'05 Device Management for Cyber Essentials 8'27 Bring your own device (BYOD) 11'30 Passwords, pass codes and pin numbers Listening Time: 14 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma

Cyber Threat Weekly
Cyber Essentials Home Working

Oct 5, 2020 · 13:26


This episode talks about Home Working Cyber Essentials. After listening to this podcast please visit the National Cyber Security Centre, Action Fraud, Take Five and the West Midlands Cyber Protect websites for more guidance on all things relating to online security. Our host today is Patrick, a Detective and Cyber Protect officer for the Regional Cyber Team, part of the Regional Organised Crime Unit for the West Midlands. Also covering the West Midlands is Sean Long (WMPDigitalPCSO); covering Warwickshire and West Mercia is James Squire (cyberpcso); and covering the Staffordshire Police area is Mathew Hough-Clews, who can be found at sp_digitalpcso. To contact us please email us at wmcyber@west-midlands.pnn.police.uk.

Cyber Threat Weekly
9 Cyber Security Risks

Sep 22, 2020 · 8:54


This episode talks about 9 Common Cyber Security Risks and Cyber Essentials. After listening to this podcast please visit the Action Fraud, Take Five, National Cyber Security Centre and West Midlands Cyber Protect websites for more guidance on all things relating to online security: www.takefive-stopfraud.org.uk, www.actionfraud.police.uk, www.ncsc.gov.uk, www.wmcyber.org. Our host today is Patrick, a Detective and Cyber Protect officer for the Regional Cyber Team, part of the Regional Organised Crime Unit for the West Midlands. Also covering the West Midlands is Sean Long (WMPDigitalPCSO); covering Warwickshire and West Mercia is James Squire (cyberpcso); and covering the Staffordshire Police area is Mathew Hough-Clews, who can be found at sp_digitalpcso. To contact us please email us at wmcyber@west-midlands.pnn.police.uk.

The Data Protection and Privacy Podcast
What The EXPERTS Do Not TELL Us about Data Protection? Part 9 Robert Baugh, CEO at Keepabl Ltd

Jul 18, 2020 · 21:40


Robert Baugh, CEO at Keepabl Ltd (Privacy-as-a-Service solution), Engineer/Lawyer, General Counsel, discusses:
Cyber Essentials and ISO27001, and his findings on the takeup of these certifications.
Demonstrating Compliance with GDPR.
Vendor due diligence.
Complications of GDPR.
Data protection is a team sport.
DPO's marking their own homework.
Robert can be contacted at:
https://www.linkedin.com/in/robertbaugh/
hello@kepabl.com
Robertb@keepable.com

Secrutiny's Magnify Cybersecurity Podcast
Emerging Trends: Network Architecture, Secure Perimeters, and Exposed VPNs

May 27, 2020 · 13:11


In May's (2020) episode of Secrutiny's Magnify Cybersecurity Podcast, we discussed how to improve your network architecture for a more secure perimeter, gaps in firewall traffic and the dangers of exposed VPNs with cybersecurity expert Shane Shook. Learn more about Secrutiny here. Shane Shook has been advising enterprises on Information Technology, Security and Risk Management for over 30 years, alongside providing breach investigation forensics and expert witness testimony.

Scotland, Charities and Holyrood: 20 Years Delivering Change

Cyber Essentials Accreditation by Scottish Council for Voluntary Organisations SCVO

The Data Protection and Privacy Podcast
What The EXPERTS Do Not TELL Us about Data Protection? Part 5 Martin Jackson

Feb 24, 2020 · 27:00


Martin Jackson (https://www.linkedin.com/in/martin-jackson-ab4147b/) is a GRC, Compliance Manager, Subject Matter Expert, Data Protection Officer Governance. Martin Jackson talks about PET, Privacy Enhancing Technology, and the Digital Single Market, which is a policy belonging to the European Single Market that covers digital marketing. Martin has massive experience in Risk & Compliance consultancy & training operation, including GRC, ISO27001/2, NIST Cybersecurity Framework, Cyber Essentials, ISO 31000 and ISO 19011, and discusses how it all fits together.

Secrutiny's Magnify Cybersecurity Podcast
Emerging Trends: Botnets, Extortionware and Nation-State Disruption

Feb 5, 2020 · 11:00


In the first episode of Secrutiny's Magnify Cybersecurity Podcast (Feb 2020), we interview Shane Shook, a cybersecurity expert of over 30 years. Shane cautions us against emerging bot trends, built to invade and extract data but also enabling organisational sabotage or financial extortion, and the Iran cyber threat. Learn more about Secrutiny here. Shane Shook has been advising enterprises on Information Technology, Security and Risk Management for over 30 years, alongside providing breach investigation forensics and expert witness testimony.

Hacked Off
019. Cybersecurity Maturity Assessments

Jun 13, 2019 · 38:49


We share the talk we presented at UKFast’s recent Cybersecurity 101 workshop, in a little more detail, discussing where companies should start with cybersecurity and how they can be comfortable that they have covered a broad enough area of security to be safe. 1’41 What is Cyber Essentials and is it right for your company? 5’57 Risk management – building a security culture and getting the board involved 10’39 Security protections – what you can do yourself and when to get a third party involved 19’43 Incident detection – alert generation, automatic monitoring and training the team 27’57 Minimising impact – response testing and planning, root cause analysis and backups Download on iTunes: apple.co/2Ji61Ek Listening time: 39 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Cyber 9/11 with Dr. Eric Cole
16 - Interview with Daniel Dresner

Jun 8, 2019 · 48:31


Today's guest, Daniel Dresner, finds the threads that bind information together and mend them when they break. He is the Academic Cyber Security Lead at University of Manchester, director/co-founder of IASME-the SME benchmark of cyber security governance-which helped to pioneer the Cyber Essentials. An evangelist for useful standards and good practice, he nurses organisations through ISO/IEC 27001, and received a PhD for work in information systems risk.

Hacked Off
006. An Education in Cybersecurity

Mar 14, 2019 · 48:19


Some say education is the most powerful weapon which you can use to change the world, so we brought together two of the most influential educators in cybersecurity: Manchester University’s Academic Cybersecurity Lead and overall cyber enthusiast, Dr Daniel Gideon Dresner, BSc (Hons), FInstISP, and our very own Head of Education at Secarma, Paul Mason, to discuss all things cyber. From Danny’s first memories of ‘computers’, to finding his first job, learning technical skills, developing frameworks for the government and what’s next in bridging the skills gap. Paul hears what many students and educators, all the way up to CEOs, will find useful when it comes to why ‘cyber’, although complex, is an interesting area in which to gain a deeper understanding. This podcast really is for everyone with an interest in cybersecurity. Some of the key points include: 2’00 My first Commodore 64, Star Trek, Hitchhikers Guide and Dr Who 5’00 Astronomy, applied physics and computer science 11’00 How I got into technical writing 13’00 Lord Robertson of NATO and choosing between civil and military 15’00 The National Computing Centre heritage, building security bodies and certification history 28’00 Fighting the corner for small businesses and the importance of Cyber Essentials 35’00 Risk profiling your business 38’50 How I got into teaching security 44’00 ‘Pimping security’ Links you may be interested in: ALGOL 68 - https://en.wikipedia.org/wiki/ALGOL Cyber Essentials - https://www.secarma.com/services/cybersecurity-assessment/cyber-essentials/ Download on iTunes: https://itunes.apple.com/gb/podcast/hacked-off/id1439083220?mt=2 Listening time: 49 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.co.uk Hosted by: Paul Mason, Ethical Hacker & Head of Education at Secarma Guest: Dr Daniel Dresner, Academic Co-ordinator for Cybersecurity at the University of Manchester

Tech Interviews
Getting your cyber essentials – Jason Fitzgerald – Ep62

Apr 17, 2018 · 26:18


Cyber Security, be it how we secure our perimeter, infrastructure, mobile devices or data, is a complex and ever-changing challenge. In the face of this complexity, where do we start when it comes to building our organisation's cyber security standards? Well, perhaps the answer may lie in standardised frameworks and accreditations. If you think about it, one of the biggest challenges we have when it comes to security is knowing where to start, so having a standard to work towards makes perfect sense. That is the subject of this week's show with my guest and colleague Jason Fitzgerald, as we discuss the value of a UK based accreditation, Cyber Essentials. Jason spends much of his time working with organisations to help them address their IT security concerns, and one of the tools he uses extensively is a framework and accreditation produced by the National Cyber Security Centre here in the UK, Cyber Essentials. During this episode we discuss why such a framework is valuable and can help a business improve its security posture. We discuss the confusion in many organisations when it comes to cyber security, the 5 key areas that Cyber Essentials covers, the importance of getting your security foundation right and some tips on where to start when it comes to building a cyber security framework. Enjoy the show. Full show notes are here: https://wp.me/p4IvtA-1yA

Tech Monthly on Phonic FM
Tech Monthly: February 2017

Feb 9, 2017 · 47:31


This month Helen and Rob explore matters of cyber-security. They're joined by Bob Bunney from Devon and Cornwall Police and cyber-security consultant Durgan Cooper. Plus: voices from the Secure South West 8 conference at Plymouth University and a round-up of technology stories. Links to resources mentioned in the programme: Devon & Cornwall Police (https://www.devon-cornwall.police.uk/) National Cyber Security Centre (https://www.ncsc.gov.uk/) ActionFraud (http://www.actionfraud.police.uk/) Get Safe Online (https://www.getsafeonline.org/) Cyber Essentials (https://www.cyberaware.gov.uk/cyberessentials/) Secure South West (http://www.securesouthwest.com/) CompTIA (https://www.comptia.org/) South West Cyber Security Cluster (https://southwestcsc.org/) GDPR (The EU General Data Protection Regulation – http://www.eugdpr.org/) CiSP (Cyber-security Information Sharing Partnership – https://www.ncsc.gov.uk/cisp) Presenters: Helen Connole and Rob J Glover, with Ian Woodbridge. First broadcast: 4pm, Thursday 9 February 2017, on Phonic FM (106.8FM in Exeter; phonic.fm online). Next programme: 4pm, Thursday 9 March 2017. Contact the team: tech@phonic.fm or @PhonicTech on Twitter.