InfoSec Insider

URM Consulting
  • 5.0 (2)
  • MANAGEMENT
  • UPDATED WEEKLY

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.

  1. 3 HR AGO

    GDPR Compliance and BYOD

    In this episode of InfoSec Insider – Talk DP, Aimee Brown and Rachael Salter, both Consultants at URM, break down the data protection compliance issues that arise from the use of bring your own device (BYOD) within organisations, and how these can be overcome.  Aimee and Racheal draw on over 20 years’ combined data protection experience to discuss: Why BYOD has become so common, and why it still catches organisations out Where legal and regulatory risks arise with BYOD How BYOD increases data subject access request (DSAR), breach, and dispute risk What a proportionate, people-aware approach to BYOD looks like How regulators and insurers are likely to view BYOD going forward. Ask Rachael and Aimee a question: https://www.urmconsulting.com/podcasts/gdpr-compliance-and-byod   If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider           You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts           Connect with us on LinkedIn    Brought to you by URM, the UK’s leading information and cyber security specialists.

    31 min

  2. 14 MAY

    AI Supplier Management

    In this episode of InfoSec Insider, Jack Woods and George Ryan, both Consultants at URM, share their insights on how organisations can effectively manage AI suppliers and navigate the emerging risks associated with artificial intelligence in the supply chain. Jack and George draw on their experience supporting organisations with AI governance and supplier risk management to discuss: What AI supplier management is and how it differs from traditional supplier management, including the impact of rapidly evolving AI models and changing service structures The key risks associated with AI suppliers, such as data leakage, unauthorised model training, hallucinations, bias, and compliance challenges The growing issue of shadow AI, and how a lack of visibility over employee use of AI tools can introduce significant security and governance risks How organisations can adapt due diligence processes to assess AI suppliers, including evaluating data handling practices, model governance, human oversight, and security maturity Contractual and governance considerations, such as restricting data use, ensuring transparency on model updates, and defining audit and incident response expectations The importance of understanding extended AI supply chains, including dependencies on underlying models and fourth-party providers Why AI supplier management must be treated as an ongoing activity, with continuous monitoring, internal communication, and reassessment of risk as technologies evolve Ask Jack and George a question: https://www.urmconsulting.com/podcasts/aI-supplier-management   If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider             You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts             Brought to you by URM, the UK’s leading information and cyber security specialists.

    22 min

  3. 7 MAY

    Understanding Relevant Risks

    In this episode of InfoSec Insider, Wayne Armstrong, Senior Information Security Consultant and Consultant Manager at URM, breaks down the fundamentals of effective information security risk assessment and treatment.  Wayne draws upon over 30 years of experience in IT, information security and risk management to discuss: What ‘risk’ actually is How to define a risk and the three component parts that are needed for a risk to exist How to assign value to a risk How to prioritise risks and determine which can be set aside, as well as how these priorities differ between organisations depending on context The risk treatment options available, and the need to revisit your risk assessment. Learn more about this topic: https://www.urmconsulting.com/blog/information-security-risk-assessment-and-treatment-understanding-relevant-risks If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider         You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts       Brought to you by URM, the UK’s leading information and cyber security specialists.

    15 min

  4. 30 APR

    Zero Trust Architecture in PCI DSS

    In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, share their insights on zero trust architecture and its use when complying with the Payment Card Industry Data Security Standard (PCI DSS).  Alastair and Tibor leverage 30 years’ combined experience with the PCI DSS to discuss: What ‘zero trust’ is Whether organisations with zero trust still need segmentation, or whether identity is enough How to prove least privilege when access is dynamic and granted on demand, and how to handle sampling for PCI DSS evidence when access changes continuously The biggest zero trust implementation mistakes that cause PCI DSS challenges later Which logs matter most to prove that zero trust is actually protecting the cardholder data environment (CDE) And much more. Ask Alastair and Tibor a question:   https://urmconsulting.com/podcasts/zero-trust-architecture-in-pci-dss If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider         You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts         Connect with us on LinkedIn Brought to you by URM, the UK’s leading information and cyber security specialists.

    28 min

  5. 23 APR

    The DSAR Reviewer’s Toolbox

    In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, both Consultants at URM, discuss context and redaction in handling data subject access requests (DSARs), and how reviewers can use these to fulfil requests in full compliance with the General Data Protection Regulation (GDPR).  Aimee and Rachel leverage 20 years’ combined experience in data protection to discuss: Why redaction the part of DSAR handling that so often goes wrong for organisations How reviewers can distinguish between personal data, mixed data, and information that should not be disclosed The biggest challenges when handling DSARs involving unstructured datasets like email chains, chat logs, or call notes Some of the common redaction mistakes organisations make, and lessons learned from real cases The practical steps organisations can take to improve the quality and defensibility of their redactions. Ask Rachael and Aimee a question: https://urmconsulting.com/podcasts/the-dsar-reviewers-toolbox If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider        You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts         Connect with us on LinkedIn   Brought to you by URM, the UK’s leading information and cyber security specialists.

    43 min

  6. 16 APR

    Identity and Access Management

    In this episode of InfoSec Insider, George Ryan and Jack Woods, both Consultants at URM, share their insights on identity and access management (IAM), and the steps organisations can take to ensure their IAM is secure and resilient.  Jack and George leverage their extensive experience supporting organisations’ strengthen their information security to discuss: What IAM is, whether it just covers employees, and how it works The components that may feature as part of effective IAM, such as multi-factor authentication (MFA), single sign-on (SSO), monitoring and auditing, etc. Why it is important to enforce IAM best practices The problems around IAM that may arise in the future as a result of developing trends and technologies. Ask Jack and George a question If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider           You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts      Brought to you by URM, the UK’s leading information and cyber security specialists.

    22 min

  7. 9 APR

    Clause 6.3 of ISO 27001: The Importance of Planned ISMS Change Management

    In this episode of InfoSec Insider, Neil Jones, Senior Consultant at URM, provides key insights on achieving and maintaining conformance to Clause 6.3 (Planning of changes) of ISO 27001, the International Standard for Information Security Management Systems (ISMS’).  Neil leverages over 20 years of real-world information security knowledge and experience to discuss: What Clause 6.3 is and why planned ISMS change management is so important The common mistakes organisations make when planning ISMS changes under Clause 6.3 The seven practical actions he recommends for effective implementation of Clause 6.3, which of these actions organisations most frequently overlook, and why How to determine whether your existing change management processes are suitable for Clause 6.3 conformance. Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-clause-6-3-the-importance-of-planned-isms-change-management If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider       You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts    Brought to you by URM, the UK’s leading information and cyber security specialists.

    6 min

  8. 2 APR

    Cyber Security Expectations in the Medical Supply Chain

    In this episode of InfoSec Insider – Talk Cyber, Stuart Moran and George Ryan, Consultants at URM, explore recent shifts in cyber security expectations and regulatory requirements faced by organisations in the medical supply chain, both in the UK and across the globe.  Stuart and George leverage their extensive experience helping organisations in the medical sector enhance information and cyber security to discuss:    The NHS’ recent open letter to suppliers, which highlights tighter scrutiny and more direct engagement, and what this means for NHS suppliers Which of the NHS’ new cyber security requirements for suppliers (MFA, continuous monitoring and immutable backups) will be most challenging to embed and why The biggest gaps and understanding or readiness among suppliers implementing the Data Security and Protection Toolkit (DSPT), and the practical differences between Categories 2 and 3 of the DSPT How shifts in standards such as ISO 13485 and the broader medical device regulatory landscape will influence suppliers’ design and manufacturing of their products, particularly around software and AI How the FDA’s power to deny market access to medical devices with insufficient cyber security may impact UK suppliers operating internationally, and whether this hints at a broader, global trend towards stricter cyber controls.   Learn more about this topic: https://www.urmconsulting.com/blog/iso-13485-and-beyond-key-updates-shaping-the-medical-device-regulatory-landscape  https://www.urmconsulting.com/blog/nhs-cyber-security-open-letter-what-does-it-mean-for-suppliers   If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider             You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts           Brought to you by URM, the UK’s leading information and cyber security specialists.

    21 min
See All (86)

Ratings & Reviews

5
out of 5
2 Ratings

About

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.

Information

  • Creator
    URM Consulting
  • Years Active
    2024 - 2026
  • Episodes
    86
  • Rating
    Clean
  • Copyright
    © Copyright 2024 URM Consulting. All rights reserved.
  • Show Website
    InfoSec Insider

You Might Also Like