The ISO Review Podcast

ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.1 - 6.1.3

February 12, 2024 Jim Moran & Howard Fox Episode 33

Howard and Jim chat about ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.1 - 6.1.3.

POINTS DISCUSSED

  1. What strategies can organizations employ to ensure that their procedures are not only being followed but are also working efficiently and effectively?
  2. How do supply chain contracts affect information security activities, and what role does software play in managing these changes?
  3. What are some of the risks involved with updates and changes in software, and how can planning and risk assessment help minimize those risks?
  4. In the development of checklists for ISO standard compliance, what elements are crucial to include for proper evidence verification and results recording?
  5. Why is auditor preparedness important, and how can an auditor prepare for assessing information security controls?
  6. How does an understanding of business process interconnectivity within the supply chain enhance an auditor's ability to assess information security controls?
  7. Recommended resources for auditors and other professionals to stay informed about technical security standards and best practices.
  8. What role do third-party tests and assessments play in the overall audit process, and how should companies approach integrating these findings into their information security framework?

LEARN MORE

Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODE

Howard and Jim deep dive into ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls - Clause 6, Part II.

NEXT STEPS

If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.

Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn
LinkedIn Articles
YouTube

Book Recommendations:

Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet

The Checklist Manifesto: How to Get Things Right by Atul Gawande

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, Inc.

Keywords

ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast

#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast

Note: As an Amazon Associate, we earn from qualifying purchases.
