‹ All episodes

The ISO Review Podcast

ISO/IEC TS 27008:2019 - Review Methods, Overview, and Process Analysis - Clauses 7.1-7.3

April 02, 2024 Jim Moran & Howard Fox Episode 36
ISO/IEC TS 27008:2019 - Review Methods, Overview, and Process Analysis - Clauses 7.1-7.3
The ISO Review Podcast
More Info
The ISO Review Podcast
ISO/IEC TS 27008:2019 - Review Methods, Overview, and Process Analysis - Clauses 7.1-7.3
Apr 02, 2024 Episode 36
Jim Moran & Howard Fox

Howard and Jim chat about ISO/IEC TS 27008:2019 - Review Methods, Overview, and Process Analysis  - Clauses 7.1-7.3.

POINTS DISCUSSED

  1. What are the key takeaways from Jim's explanation of ISO 27008 and the review methods overview and process analysis discussed in the episode?
  2. How do you think the use of flowcharts to document procedures and audit controls can benefit organizations in assessing their security controls as per ISO standards?
  3. What are some effective communication skills that an auditor should possess when reviewing controls, and why are these skills crucial for the auditing process?
  4. In the context of information security controls, what are your thoughts on the importance of testing and validation techniques in ensuring the effectiveness of controls without risking the security of the system?
  5. How can the analysis of processes and activities help organizations in managing risks and finding ways to improve their control systems as per ISO 27001?
  6. Jim mentioned the importance of reviewing mechanisms, system operations, administrative processes, and physical security measures. How can organizations ensure comprehensive assessment of these aspects while adhering to ISO standards?
  7. The episode discussed the need to obtain verifiable evidence through interviews, inspections, observations, and analysis. In your opinion, what are some effective ways to gather such evidence during an audit?

LEARN MORE

Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODES

Howard and Jim  continue to deep dive into ISO/IEC TS 27008:2019 - Review Methods: General, Blind testing and Double blind testing  - Clauses 7.4.1- 7.4.3.

NEXT STEPS

Please follow us on your preferred podcast directory. We appreciate your likes & comments, and shares.   

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.

Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn
LinkedIn Articles
YouTube

Book Recommendations:

Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet

The Checklist Manifesto: How to Get Things Right by Atul Gawande

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords

ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast, Jim Moran

#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast

Note:  As an Amazon Associate, we earn from qualifying purchases.

Apple Podcasts Spotify Amazon Music Podcast Index Overcast TuneIn + Alexa +
Show Notes

Howard and Jim chat about ISO/IEC TS 27008:2019 - Review Methods, Overview, and Process Analysis  - Clauses 7.1-7.3.

POINTS DISCUSSED

  1. What are the key takeaways from Jim's explanation of ISO 27008 and the review methods overview and process analysis discussed in the episode?
  2. How do you think the use of flowcharts to document procedures and audit controls can benefit organizations in assessing their security controls as per ISO standards?
  3. What are some effective communication skills that an auditor should possess when reviewing controls, and why are these skills crucial for the auditing process?
  4. In the context of information security controls, what are your thoughts on the importance of testing and validation techniques in ensuring the effectiveness of controls without risking the security of the system?
  5. How can the analysis of processes and activities help organizations in managing risks and finding ways to improve their control systems as per ISO 27001?
  6. Jim mentioned the importance of reviewing mechanisms, system operations, administrative processes, and physical security measures. How can organizations ensure comprehensive assessment of these aspects while adhering to ISO standards?
  7. The episode discussed the need to obtain verifiable evidence through interviews, inspections, observations, and analysis. In your opinion, what are some effective ways to gather such evidence during an audit?

LEARN MORE

Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODES

Howard and Jim  continue to deep dive into ISO/IEC TS 27008:2019 - Review Methods: General, Blind testing and Double blind testing  - Clauses 7.4.1- 7.4.3.

NEXT STEPS

Please follow us on your preferred podcast directory. We appreciate your likes & comments, and shares.   

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.

Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn
LinkedIn Articles
YouTube

Book Recommendations:

Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet

The Checklist Manifesto: How to Get Things Right by Atul Gawande

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords

ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast, Jim Moran

#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast

Note:  As an Amazon Associate, we earn from qualifying purchases.