PODCAST · business
InfoSec Insider
by URM Consulting
The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.
-
85
AI Supplier Management
In this episode of InfoSec Insider, Jack Woods and George Ryan, both Consultants at URM, share their insights on how organisations can effectively manage AI suppliers and navigate the emerging risks associated with artificial intelligence in the supply chain.

Jack and George draw on their experience supporting organisations with AI governance and supplier risk management to discuss:

* What AI supplier management is and how it differs from traditional supplier management, including the impact of rapidly evolving AI models and changing service structures
* The key risks associated with AI suppliers, such as data leakage, unauthorised model training, hallucinations, bias, and compliance challenges
* The growing issue of shadow AI, and how a lack of visibility over employee use of AI tools can introduce significant security and governance risks
* How organisations can adapt due diligence processes to assess AI suppliers, including evaluating data handling practices, model governance, human oversight, and security maturity
* Contractual and governance considerations, such as restricting data use, ensuring transparency on model updates, and defining audit and incident response expectations
* The importance of understanding extended AI supply chains, including dependencies on underlying models and fourth-party providers
* Why AI supplier management must be treated as an ongoing activity, with continuous monitoring, internal communication, and reassessment of risk as technologies evolve

Ask Jack and George a question: https://www.urmconsulting.com/podcasts/aI-supplier-management
If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.
-
84
Understanding Relevant Risks
In this episode of InfoSec Insider, Wayne Armstrong, Senior Information Security Consultant and Consultant Manager at URM, breaks down the fundamentals of effective information security risk assessment and treatment.

Wayne draws upon over 30 years of experience in IT, information security and risk management to discuss:

* What ‘risk’ actually is
* How to define a risk and the three component parts that are needed for a risk to exist
* How to assign value to a risk
* How to prioritise risks and determine which can be set aside, as well as how these priorities differ between organisations depending on context
* The risk treatment options available, and the need to revisit your risk assessment.

Learn more about this topic: https://www.urmconsulting.com/blog/information-security-risk-assessment-and-treatment-understanding-relevant-risks
If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.
-
83
Zero Trust Architecture in PCI DSS
In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, share their insights on zero trust architecture and its use when complying with the Payment Card Industry Data Security Standard (PCI DSS).

Alastair and Tibor leverage 30 years’ combined experience with the PCI DSS to discuss:

* What ‘zero trust’ is
* Whether organisations with zero trust still need segmentation, or whether identity is enough
* How to prove least privilege when access is dynamic and granted on demand, and how to handle sampling for PCI DSS evidence when access changes continuously
* The biggest zero trust implementation mistakes that cause PCI DSS challenges later
* Which logs matter most to prove that zero trust is actually protecting the cardholder data environment (CDE)
* And much more.

Ask Alastair and Tibor a question: https://urmconsulting.com/podcasts/zero-trust-architecture-in-pci-dss
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Connect with us on LinkedIn

Brought to you by URM, the UK’s leading information and cyber security specialists.
HOSTED BY
URM Consulting