Boardroom to Breakroom: Building a Culture of Compliance

Boardroom to Breakroom: Building a Culture of Compliance

Why do organisations still struggle to turn security policy into real-world behaviour?  In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore how regulations like NIS2 place direct accountability on senior leaders whilst, in many organisations, compliance still lives on paper and not in practice. They’re joined by Professor Steven Furnell [https://www.nottingham.ac.uk/computerscience/people/steven.furnell], Professor of Cyber Security at the University of Nottingham, an expert in the intersection of human, technological and organisationalaspects of cyber security and full of good advice on turning policy into real action.  Hear how having a policy isn’t the same as people understanding how it applies directly to them and their job,the importance of moving away from ‘tick box’ compliance and how, wrongly handled, security training and tests can feel punitive, rather than supportive.  Because if staff are using unapproved processes or shadow I.T. and A.I, it might actually be a clue to what resources the business is lacking and a cue to ask the questions that fillthe gaps compliantly. Find out more at ISMS.online [https://www.isms.online/]

Supply Chain Dominoes: Why Their Risk Is Now Your Risk

What happens when a third-party company suffers a security breach, way down the supply chain – and the people who suffer are your customers? In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore how, even if your systems are strong, a weak supplier can shut you down, how regulators and investors are demanding stronger supplier governance, and what you need to do about it. They’re joined by Madelein Van Der Hout, a senior analyst in cyber security and risk at Forrester [https://www.forrester.com/about-us/] who digs into the detail of recent high-profile breaches and what questions businesses should be asking, and the University of Oxford’s Professor Ciaran Martin - founding CEO of the UK National Cyber Security Centre [https://www.ncsc.gov.uk/] and one of the UK’s leading voices on cyber resilience. Hear how the cost of a supply chain breach can be more than financial, ways to identify risk and dig deeper into supplier assurances, and how to cope with the regulatory landscape as it evolves and develops Because it’s not just the disruption and damaged reputation a breach can cause, it can affect the profitability of both suppliers and clients, and employee job stability. Find out more at ISMS.online [https://www.isms.online/]

AI: Trust, Ethics, and Getting It Right from the Start

What happens when employees start using AI toolsfaster than organisations can govern them? In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore why AI governance has quickly become a business-critical issue, from shadow AI and data privacy risks to accountability, trust and emerging regulation. They’re joined by Professor Andrea Isoni, who works with organisations navigating AI governance and risk and A-LIGN’s [https://www.a-lign.com/] Patrick Sullivan, VP of Strategy and Innovation, who advises businesses on AI strategy, governance and emerging technologies.   Hear why governance is no longer just about compliance, but about building resilience, visibility and trust as AI becomes embedded across organisations. Find out more at ISMS.online [https://www.isms.online/]   AI Governance hub: AI Governance | [https://www.a-lign.com/service/ai-governance-hub]ISO 42001Readiness Checklist: Guide to AI Compliance [https://www.a-lign.com/lp/iso-42001-checklist-uki?utm_source=google&utm_medium=cpc&utm_campaign=GS-UK-ISO42001-LowIntent-E&utm_term=iso%2042001%20checklist&utm_content=engine:google|campaignid:21677819469|adid:712871670133|gclid:Cj0KCQjwk_bPBhDXARIsACiq8R23q6WCxv2vFIfl5Vn3YBrzqXJKskTeThjE6KB54ciJNksjbihVnYwaAqNiEALw_wcB|adgroupid:164073734821|matchtype:e&gad_source=1&gad_campaignid=21677819469&gbraid=0AAAAADtWNIYYt13jizbgaU57rg9kyXnN4] Blog by Patrick Sullivan: Why AIGovernance Stopped Being Theoretical and What Leaders Must Do Next | A-LIGN [https://www.a-lign.com/articles/ai-governance-what-leaders-must-do-next]

Compliance: From Checkbox to Competitive Advantage

What happens when your biggest deal stalls at the final hurdle because procurement asks questions your business cannot answer? In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore why compliance is now a commercial issue, not just a technical one.   They’re joined by Daniel Bailey from ECI Partners [https://www.ecipartners.com/] who spends his time helping ambitious companies grow, and the University of Oxford’s Professor Ciaran Martin - founding CEO of the UK National Cyber Security Centre [https://www.ncsc.gov.uk/] and one of the UK’s leading voices on cyber resilience.   Hear why “resilience” now shapes valuation, customer trust and long-term growth, from investor due diligence to cyber risk and boardroom accountability. Being compliant on paper can be one of the most expensive mistakes a business makes, but those companies building resilience in early are the ones moving fast, winning big and scaling smarter.  Find out more at ISMS.online [https://www.isms.online/]

Phishing for Trouble Returns This Thursday 14th May

Compliance, security, privacy, AI risk. There's a lot of noise out there, and not much of it is useful when you're the one having to do the work. Phishing for Trouble is the business resilience podcast from IO [https://www.isms.online/podcasts/] (ISMS.online), the platform thousands of teams use to manage compliance and build resilience day to day. Rebecca Harper and David Holloway talk to the security leaders, specialists and business experts they actually learn from, the kind of guests who give you something to take back to your team on Monday. Honest, practical, sometimes a bit awkward. Always useful.