Mitigating information security risks: common traps to avoid


Welcome to this week’s Security Spotlight, where we shine a light on:

  • How to implement an ISMS in 9 steps


How to mitigate information security risk

Risk management is fundamental to information security and ISO 27001.

But once you’ve identified and classified your risks, how do you mitigate them?

Our head of GRC consultancy, Damian Garcia, explains in this interview. He also reveals common traps when it comes to risk.

Read the full interview

How to address AI security risks with ISO 27001

AI is taking the world by storm. But for all its potential, there are legitimate concerns around, among other things, data security.

Bridget Kenyon, lead editor for ISO 27001:2022, talked to us about:

  • AI penetration testing

  • Input data quality in LLMs

  • Addressing AI risks with ISO 27001

  • Behavioural economics and user education

  • Accounting for AI in a future edition of ISO 27001

Read the full interview

Streamlining GDPR compliance with ROPAs, data flow maps and DPIAs

Few people like spreadsheets. Fewer still like multiple spreadsheets, or complex compliance.

One way to streamline GDPR compliance is to make your ROPAs a focal point. Another is to look at your ROPAs together with data flow maps and DPIAs.

DPO and data privacy trainer Andy Snow explains how to simplify and streamline GDPR compliance.

We also cover how to automate GDPR compliance.

Read the full interview


Blog update | Index of interviews

We’ve updated our index of interviews!

New additions include expert insights from Bridget Kenyon, Damian Garcia, Claire Agutter and Dr Loredana Tassone into:

  • How to address AI risks with ISO 27001

  • How to mitigate information security risk

  • SIAM (service integration and management)

  • The DSA (Digital Services Act) and DMA (Digital Markets Act)

Explore the full index

New blog | Overview of Cyber Essentials

Cyber Essentials is a UK government scheme that outlines steps organisations can take to secure their systems.

It contains 5 controls that cover the basics of effective information and cyber security.

Learn more


Blog | A practical guide to the PCI SAQs

If you can validate PCI DSS compliance via an SAQ, do you know which SAQ you need?

This guide by our head of PCI consulting services, Sujith Parambath, explains what questions to ask to figure out which SAQ you need.

Read the full guide

Free green paper | Implementing an ISMS – The nine-step approach

Good information security is about addressing the risks specific to your organisation without compromising your business objectives.

So, take an approach that’s both strategic and operational.

An ISMS – preferably aligned with ISO 27001 – takes a systematic approach to managing confidential information so that it remains secure.

This paper explains our 9-step approach to implementation, which we’ve used to help 800+ organisations around the world achieve ISO 27001 compliance.

Download now


Free webinar | Ensuring DSAR compliance: Navigating requests and building customer trust

Today, 3:00–4:00 pm (BST)

DSARs are a critical component of GDPR compliance, allowing individuals to access their personal data.

In this webinar, our DSAR experts – Dr Loredana Tassone, John Potts and Helen Pettit – will guide you through the entire DSAR process, from verifying the requester’s identity to formally disclosing information.

You’ll gain practical knowledge and the tools to handle DSARs efficiently while maintaining GDPR compliance and building trust with customers.

Register now

Workshop | Information Security Risk Assessment Workshop

Tuesday, 22 October 2024, 2:00–4:00 pm (BST)

This hands-on 2-hour workshop improves your skills in conducting an information security risk assessment – a critical process for securing your organisation.

Become confident in your ability to identify, assess and mitigate risks methodically while working with internal teams and suppliers.

Led by Andrew Pattison, head of GRC consultancy at IT Governance Europe, this session will guide you through the practical application of risk assessments using a real-world example.

Register now

We previously interviewed Andrew about pragmatic ISO 27001 risk assessments and third-party risk management.


Speak to an information security expert

With 20+ years’ experience in information security, we understand risk management.

Our experts have implemented information security programmes for hundreds of organisations across a multitude of industries in both the private and public sectors.

New to the world of information security and need advice on how to get started?

Or updating an existing information security programme?

Our information security experts are here to help.

Get in touch
