‹ All episodes

The ISO Review Podcast

ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.4 - 6.1.5.

February 27, 2024 Jim Moran & Howard Fox Episode 34
ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.4 - 6.1.5.
The ISO Review Podcast
More Info
The ISO Review Podcast
ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.4 - 6.1.5.
Feb 27, 2024 Episode 34
Jim Moran & Howard Fox

Howard and Jim chat about ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.4 - 6.1.5.

POINTS DISCUSSED

  1. How does the process of obtaining permission to access all areas and controls play into the effectiveness of an information security audit?
  2. Why is it crucial for auditors to create a review checklist, and what should typically be included in this checklist?
  3. In what ways do discussions with employees provide valuable insights into the efficacy of the information security management system?
  4. How do auditors provide "reasonable assurance" about the achievement of information security goals?
  5. How can organizations strike a balance between accepting a certain level of risk and ensuring adequate backup and protection to counter threats?
  6. What are some of the latest trends in risk-based approaches to information security that organizations need to stay abreast of?
  7. The importance of objective analysis and professional reporting during the audit, and what makes an auditor skilled in this aspect
  8. What are the main challenges when ensuring that all employees understand and follow the established policies and procedures?
  9. What resources and training should organizations prioritize to equip their teams for effective information security management?

LEARN MORE

Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODE

Howard and Jim  Deep Dive into ISO/IEC TS 27008:2019 - Guidelines for the assessment of Information Security Controls - Clause 6.2, Resourcing and Competence.

NEXT STEPS

Please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share episode with anyone who might benefit from learning about this topic.   

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.

Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn
LinkedIn Articles
YouTube

Book Recommendations:

Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet

The Checklist Manifesto: How to Get Things Right by Atul Gawande

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords

ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast

#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast

Note:  As an Amazon Associate, we earn from qualifying purchases.

Apple Podcasts Spotify Amazon Music Podcast Index Overcast TuneIn + Alexa +
Show Notes

Howard and Jim chat about ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.4 - 6.1.5.

POINTS DISCUSSED

  1. How does the process of obtaining permission to access all areas and controls play into the effectiveness of an information security audit?
  2. Why is it crucial for auditors to create a review checklist, and what should typically be included in this checklist?
  3. In what ways do discussions with employees provide valuable insights into the efficacy of the information security management system?
  4. How do auditors provide "reasonable assurance" about the achievement of information security goals?
  5. How can organizations strike a balance between accepting a certain level of risk and ensuring adequate backup and protection to counter threats?
  6. What are some of the latest trends in risk-based approaches to information security that organizations need to stay abreast of?
  7. The importance of objective analysis and professional reporting during the audit, and what makes an auditor skilled in this aspect
  8. What are the main challenges when ensuring that all employees understand and follow the established policies and procedures?
  9. What resources and training should organizations prioritize to equip their teams for effective information security management?

LEARN MORE

Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODE

Howard and Jim  Deep Dive into ISO/IEC TS 27008:2019 - Guidelines for the assessment of Information Security Controls - Clause 6.2, Resourcing and Competence.

NEXT STEPS

Please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share episode with anyone who might benefit from learning about this topic.   

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.

Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn
LinkedIn Articles
YouTube

Book Recommendations:

Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet

The Checklist Manifesto: How to Get Things Right by Atul Gawande

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords

ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast

#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast

Note:  As an Amazon Associate, we earn from qualifying purchases.