iso review podcast

Howard and Jim chat about ISO/IEC TS 27008:2019 - Guidelines for the assessment of Information Security Controls - Clause 6.2 Reourcing and Competence.

POINTS DISCUSSED

1. What are the key takeaways from the discussion on clause 6.2, resourcing and competence?
2. How does this standard help organizations to assess the effectiveness of their information security controls?
3. What are the skills and competencies required for information security auditors to conduct effective control assessments?
4. How do phishing attacks and social engineering tactics put organizations at risk, and what measures can be taken to mitigate these risks?
5. What were the main points in the discussion about the importance of thorough assessment and the need for adequate time to conduct these assessments?
6. How do ISO standards like 27001, 27002, 27005, 27007, and 27008 contribute to the overall management of information security in an organization?
7. What are the potential risks and benefits of engaging subject matter experts in information security auditing?
8. How can organizations work towards continuous improvement in their information security management system through regular audits and training?

LEARN MORE

Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODE

Howard and Jim  Deep Dive into ISO/IEC TS 27008:2019 - Review Methods, Overview and Process Analysis  - Clause 7.1-7.2.

NEXT STEPS

If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share episode with anyone who might benefit from learning about this topic.   

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.

Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn
LinkedIn Articles
YouTube

Book Recommendations:

Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet

The Checklist Manifesto: How to Get Things Right by Atul Gawande

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords

Jim Moran, Simplify ISO, ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast, Howard Fox

#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast

Note:  As an Amazon Associate, we earn from qualifying purchases.

Howard and Jim chat about ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.4 - 6.5.

POINTS DISCUSSED

1. How does the process of obtaining permission to access all areas and controls play into the effectiveness of an information security audit?
2. Why is it crucial for auditors to create a review checklist, and what should typically be included in this checklist?
3. In what ways do discussions with employees provide valuable insights into the efficacy of the information security management system?
4. How do auditors provide "reasonable assurance" about the achievement of information security goals?
5. How can organizations strike a balance between accepting a certain level of risk and ensuring adequate backup and protection to counter threats?
6. What are some of the latest trends in risk-based approaches to information security that organizations need to stay abreast of?
7. The importance of objective analysis and professional reporting during the audit, and what makes an auditor skilled in this aspect
8. What are the main challenges when ensuring that all employees understand and follow the established policies and procedures?
9. What resources and training should organizations prioritize to equip their teams for effective information security management?

LEARN MORE

Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODE

Howard and Jim  Deep Dive into ISO/IEC TS 27008:2019 - Guidelines for the assessment of Information Security Controls - Clause 6.2, Resourcing and Competence.

NEXT STEPS

Please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share episode with anyone who might benefit from learning about this topic.   

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.

Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn
LinkedIn Articles
YouTube

Book Recommendations:

Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet

The Checklist Manifesto: How to Get Things Right by Atul Gawande

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords

ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast

#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast

Note:  As an Amazon Associate, we earn from qualifying purchases.

Howard and Jim chat about ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1 - 6.3.

POINTS DISCUSSED

1. What strategies can organizations employ to ensure that their procedures are not only being followed but are also working efficiently and effectively?
2. How do supply chain contracts affect information security activities, and what role does software play in managing these changes?
3. What are some of the risks involved with updates and changes in software, and how can planning and risk assessment help minimize those risks?
4. In the development of checklists for ISO standard compliance, what elements are crucial to include for proper evidence verification and results recording?
5. Discuss the importance of auditor preparedness, and how can an auditor prepare for assessing information security controls.
6. How an understanding of business process interconnectivity within the supply chain enhances an auditor's ability to assess information security controls.
7. Recommended resources for auditors and other professionals to stay informed about technical security standards and best practices.
8. The role of third-party tests and assessments in the overall audit process, and how should companies approach integrating these findings into their information security framework?

LEARN MORE

Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODE

Howard and Jim  Deep Dive into ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls - Clause 6, Part II.

NEXT STEPS

If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share episode with anyone who might benefit from learning about this topic.   

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.

Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn
LinkedIn Articles
YouTube

Book Recommendations:

Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet

The Checklist Manifesto: How to Get Things Right by Atul Gawande

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords

ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast

#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast

Note:  As an Amazon Associate, we earn from qualifying purchases.