InfoSec Insider

By URM Consulting

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things informati... more

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about InfoSec Insider:

How many episodes does InfoSec Insider have?

The podcast currently has 38 episodes available.

InfoSec Insider episodes:

May 15, 2025Sharing Personal Data With the Police
In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, breaks down the General Data Protection Regulation’s (GDPR’s) requirements for organisations that need to share personal data with the police in order to report a crime, or following a request for data to assist with an investigation. Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:  
The legislative framework governing police access to personal data, including Part 3 of the Data Protection Act 2018
The lawful bases under the UK GDPR for sharing personal data with the police, and when each may apply
Considerations for compliance with the purpose limitation and data minimisation principles when providing the police with personal data
What to consider when sharing special category and criminal offence data with the police, including applicable conditions under the DPA 2018
Whether individuals need to be informed of any data sharing
Practical guidance on how to ensure any data shared is lawful, proportionate, and compliant with the data protection principles.
Learn more about this topic: https://www.urmconsulting.com/blog/sharing-personal-data-with-the-police
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:    https://ratethispodcast.com/infosecinsider 
You can find more episodes of InfoSec Insider here:  
https://urmconsulting.com/podcasts 
Brought to you by URM, the UK’s leading information and cyber security specialists.  
...more
16min
May 08, 2025ISO 27001 Audits
In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, explains the steps organisations can take to effectively plan, conduct, and action an ISO 27001 internal audit. Wayne draws upon 30+ years of experience in the information security and risk management field to discuss:
The key things to remember when planning your audit programme and to plan specific audits
His tips for auditors when they are conducting audits
The key considerations when reporting on audit results
When you may need to follow-up on audit findings and when you can consider an audit closed.
Learn more about this topic: https://youtu.be/5nFz8nhIZdE
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here:
https://urmconsulting.com/podcasts 
Brought to you by URM, the UK’s leading information and cyber security specialists.    
...more
24min
May 01, 2025People Controls in ISO 27001
In this episode of InfoSec Insider, Frazer Grudgings, Senior Consultant at URM, provides key insights on the ‘People’ control theme of ISO 27001’s Annex A, which are measures organisations can implement to protect employees and influence their behaviour in relation to information security. Frazer leverages his over 15 years of experience in the information security field to discuss:
Why ‘people controls’ warrants its own control theme
How screening and pre-employment policies can help
His hints and tips for effectively implementing the people controls and for a successful people controls audit.
Learn more about this topic: https://www.urmconsulting.com/blog/implementing-and-auditing-people-controls-from-iso-27001-2022
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 
You can find more episodes of InfoSec Insider here:   https://urmconsulting.com/podcasts 
Brought to you by URM, the UK’s leading information and cyber security specialists.  
...more
22min
April 24, 2025ISO 13485 Explained
In this episode of InfoSec Insider, Stuart Moran, Senior Consultant at URM, offers essential advice on ISO 13485, the International Standard for Medical Devices Quality Management Systems (MDQMS). Stuart draws upon over 20 years of experience in managing organisation-wide management systems to discuss:
What ISO 13485 is and why it’s important for regulatory compliance
Which organisations ISO 13485 is applicable to, including medical device manufacturers and their suppliers
When you should consider implementing ISO 13485
How and why ISO 13485 differs from other management system standards you may have implemented
Aligning and integrating other ISO standards activities and documentation with ISO 13485 requirements
Whether the current, very significant changes to US federal agencies will impact the Food and Drug Administration’s (FDA’s) move to align their regulation with ISO 13485.
Learn more about this topic: https://www.urmconsulting.com/blog/iso-13485-medical-devices-quality-management-system-explained
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 
You can find more episodes of InfoSec Insider here:  
https://urmconsulting.com/podcasts 
Brought to you by URM, the UK’s leading information and cyber security specialists.  
...more
10min
April 17, 2025Are you processing special category data without knowing it?
In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Consultant at URM, explains the General Data Protection Regulation’s (GDPR’s) requirements around special category personal data, and how organisations can ensure they are not processing it unknowingly or unnecessarily. Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:  
What the GDPR defines as ‘special category data’ and the extra protections it affords to this type of personal data
The Information Commissioner’s Office’s (ICO’s) guidance on inferring special category data
Real-world Court of Justice of the European Union (CJEU) judgements that relate to the inferring or inadvertent collection of special category data, and what can be learned from these judgements
How you may be processing special category data unknowingly, and the steps you can take to avoid noncompliance.
Learn more about this topic: https://www.urmconsulting.com/blog/are-you-processing-special-category-personal-data-without-knowing-it
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 
You can find more episodes of InfoSec Insider here:  
https://urmconsulting.com/podcasts 

Brought to you by URM, the UK’s leading information and cyber security specialists.  
...more
17min
April 10, 2025The Impact of AI on PCI DSS Compliance
In this episode of InfoSec Insider, Alastair Stewart, Senior Consultant and Qualified Security Assessor (QSA) at URM, explores the ways in which artificial intelligence (AI) tools and systems can be leveraged for compliance with the Payment Card Industry Data Security Standard (PCI DSS). Alastair draws upon over a decade of experience with the PCI DSS to discuss:
PCI DSS basics – what the PCI DSS is, which organisations need to comply, and how compliance the Standard is assessed
How AI can help secure cardholder data – the use cases for AI within the PCI DSS and the areas of PCI DSS compliance that AI can enhance
How AI can assist with your PCI DSS assessment – the ways in which AI can and cannot be used to enhance and streamline evidence collection and assessments
The future of the PCI DSS in relation to AI.
Learn more about this topic: https://www.urmconsulting.com/blog/the-impact-of-ai-on-pci-dss-compliance
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   

Brought to you by URM, the UK’s leading information and cyber security specialists.    
...more
20min
April 03, 202510 Top Tips for Maintaining Information and Cyber Security While Homeworking
In this episode of InfoSec Insider, Frazer Grudgings, Senior Consultant at URM, shares his top 10 tips on how to embed key cyber security practices and maintain the security of your organisation’s information assets whilst working remotely, whether that be from home or another location. Frazer draws upon 15+ years in the information security field to explain the importance of and how to implement the following best practices:
Keeping assets out of sight
Using strong passwords on company devices and accounts
Ensuring your device is full patched
Maintaining the security of your home Wi-Fi connection and router
Setting up a separate virtual network (where necessary)
And many more!
Learn more about this topic:
https://www.urmconsulting.com/blog/10-top-tips-for-maintaining-information-and-cyber-security-when-homeworking

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider 

You can find more episodes of InfoSec Insider here:  
https://urmconsulting.com/podcasts 

Brought to you by URM, the UK’s leading information and cyber security specialists.  
...more
22min
March 27, 2025SOC 2 Explained
In this episode of InfoSec Insider, Chris Heighes, Senior Consultant at URM, breaks down the System and Organization Controls 2 (SOC 2), an information security framework aimed at providing assurance to a service provider’s clients that their data is stored and processed in a secure manner. Chris leverages his 15+ years of experience in the information security space to discuss:
Which organisations should be considering a SOC 2 audit
What a SOC 2 audit involves
The benefits of having a SOC 2 report
The challenges an organisation may face when preparing for their first SOC 2 audit.
Learn more about this topic: https://www.urmconsulting.com/blog/soc-2-explained
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists.   
...more
16min
March 20, 2025PCI DSS V4.0 – How to Reduce Your PCI DSS Scope
In this episode of InfoSec Insider, Alastair Stewart, Senior Consultant and Qualified Security Assessor (QSA) at URM, provides key advice and guidance on the steps organisations can take to streamline and reduce their Payment Card Industry Data Security Standard (PCI DSS) scope. Alastair leverages more than a decade of experience with the PCI DSS to discuss:
What the PCI DSS defines as ‘in scope’, what system components are and how you can assess the scope of individual systems
The benefits of reducing your scope
How you can go about reducing your scope, including a comprehensive breakdown of the different scope reduction methods available to you, including segmentation, encryption, outsourcing, and more.
Learn more about this topic: https://www.urmconsulting.com/blog/5-ways-to-reduce-your-pci-dss-scope
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists.     
...more
17min
March 13, 2025New Government Proposal to Prevent Organisations From Paying Ransomware Demands
In this episode of InfoSec Insider – Talk Cyber, Stuart Skelly, Senior Consultant at URM, explains a recently announced consultation by the UK government into proposals by the Home Office, which would increase its control and visibility of ransomware attacks on organisations operating in the UK. Stuart leverages his extensive legal background and experience as a governance, risk and compliance consultant to discuss:
What is meant by ransomware and a ransomware cyber attack
The Home Office’s proposals – what they are and which organisations they would affect if they come into force
The complications and challenges these proposals could create
How interested organisations can send a response to the Home Office.
If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   
Brought to you by URM, the UK’s leading information and cyber security specialists.    
...more
19min

FAQs about InfoSec Insider:

How many episodes does InfoSec Insider have?

The podcast currently has 38 episodes available.