A survey with ISF Members revealed that only 50% of organisations have a sufficient framework in place to manage third parties suppliers, and they don’t regularly review or update it! With third party suppliers playing a critical role in supporting business activities, and often having access to critical business information and customer data, management and engagement with third parties as part of your breach prevention plan is essential. In this podcast Steve Durbin, Managing Director at ISF shares what organisations must do to ensure third party suppliers have sufficient controls in place, and how to prioritise which third party suppliers need the most attention. https://www.securityforum.org/videos-podcasts/isf-podcast-third-party-where-is-my-data/

In the second part of this 3-part business leaders podcast, Steve Durbin, Managing Director at ISF and Richard Guida, Managing Director at Guida Technologies discuss the negative impact new technology and in particular  connected devices has on data security, and what this means for both businesses and consumers in the future.  https://www.securityforum.org/videos-podcasts/isf-podcast-data-security-iot-challenges/

In the first of this 3 part Business Leaders podcast, Steve Durbin, Managing Director at the ISF talks with Richard Guida, Managing Director at Guida Technology Associates about his experience as a former CISO implementing data security within a large organisation, the role technology plays and the implications this has on security and the people who work within it. https://www.securityforum.org/videos-podcasts/isf-podcast-richard-guida-episode-1/

Increasingly organisations are incorporating mobile apps into their customer service offerings, however struggle to overcome the challenge of adequately securing apps, while ensuring ease of access is not compromised. With the added consideration of data privacy, businesses need to start focusing on security rather than just performance, but whose responsibility is it? In this podcast Steve Durbin, Managing Director at the Information Security Forum discusses the challenges associated with acquiring, using and operating mobile apps, and provides actions to manage those challenges, while maintaining the business benefits. https://www.securityforum.org/videos-podcasts/isf-podcast-mobingdom-for-an-app/

In this podcast, Steve Durbin, Managing Director at the Information Security Forum, shares the 5 key actions organisations can take today to demonstrate compliance, and how they can continue to build compliance into the organisations DNA beyond the deadline date. Steve also discusses the key issue of third party suppliers and their access to personal information, sharing an approach to help rationalise the number of suppliers and protect the data shared with them to support your compliance programme. https://www.securityforum.org/videos-podcasts/isf-podcast-gdpr-too-late/

Recognising the need to build a sustainable security workforce is of real concern to organisations across all sectors, as any shortfalls in skills and capabilities could leave an organisation vulnerable to an attack on its most critical assets, impacting an organisations performance and brand reputation. But as demand outstrips supply, a sustainable security workforce is becoming more and more difficult to achieve, increasing pressure on the CISO’s role.  In this podcast Steve Durbin, Managing Director at the ISF, discusses the skills and attributes CISOs should be looking for when building a sustainable workforce, how to retain them, and the part technology will play in the future when trying to overcome the workforce shortfall. https://www.securityforum.org/videos-podcasts/isf-podcast-buile-for-the-future/

When your most critical information assets represent 80% of your organisations total value, it’s important to know exactly what they are, where they are, and how to protect them? Until regulations such as GDPR came into focus, most organisations, while familiar with the term had no real understanding of how to define their ‘critical information assets’ and why they should be protecting them. Organisations now know that protecting these assets is crucial if they want to compete and succeed in a global market.  In this podcast, Steve Durbin, Managing Director at the Information Security Forum discusses what critical information assets mean to different organisations, how you can protect them, and what the consequences could be for an organisation if these assets were to be breached. https://www.securityforum.org/videos-podcasts/isf-podcast-protect-critical-assets/

Insider threats account for 54% off all breaches, and are found at all levels of an organisation, from top to bottom. Numerous factors are increasing organisations’ exposure to the threats posed by insiders, and technical controls are limited. To combat these threats, organisations must invest in a deeper understanding of trust, and work to improve the trustworthiness of all insiders.  The insider threat has only intensified as people have become increasingly mobile and hyper-connected, and with technology continuously advancing, the risks posed by insiders are only set to increase.  In this podcast, Steve Durbin, Managing Director, ISF discusses the most common types of insider threats, as well as how organisations need to take a holistic approach to tackle insider threats that include both technology and people when embedding security into their organisation’s DNA. https://www.securityforum.org/videos-podcasts/isf-podcast-who-to-your-business/

The frequency of ransomware attacks on businesses has significantly grown over the past two years, with the number of detections increasing by nearly 2000%. As the space becomes more attractive and lucrative to cyber criminals, the threat of ransomware is only set to rise in 2018 as attackers get more creative, sophisticated and persistent, and attacks from named ransomware such as WannaCry and BadRabbit become ever more prevalent.  With so many end points accessible to malware, organisations must be more vigilant than ever to protect themselves against this growing threat.  In this podcast, Steve Durbin, Managing Director, ISF addresses what organisations can do to prepare and protect against ransomware, and how focusing on the basics, as well as embedding security awareness within the organisation can help prevent such attacks. https://www.securityforum.org/videos-podcasts/isf-podcast-rans-cyber-criminals/

The role of a CISO has evolved over the years’ and now requires someone who combines InfoSec capabilities with business requirements. They must be able to align cyber to business strategy, speaking both languages while developing reporting metrics that satisfies the board and promotes good cyber resilience across the business. All these attributes support the belief that the CISO of the future doesn’t have to come from an IT background.  In this podcast, Steve Durbin, Managing Director ISF, addresses the objectives a CISO should aim to achieve in the first 100 days in the role, and offers insights into how a CISO should work with the board and security teams to achieve these. https://www.securityforum.org/videos-podcasts/the-ciso-reset/