The ISO Review Podcast Jim

Howard and Jim chat about ISO/IEC TS 27008:2019 - Clause 8.0 - Control Assessment Process: Clause 8.1 - Preparation.POINTS DISCUSSEDWhy is a thorough preparation essential for a successful ISO 27001 audit?How can management support and engagement influence the outcome of an ISO 27001 audit?What are the critical steps that organizations must complete before an ISO 27001 audit?What are the key components of an effective audit plan, and why are they important?How does communication play a ...

Howard and Jim chat about ISO/IEC TS 27008:2019 - Assessing Information Security Controls, Sampling Techniques - Clause 7.5.POINTS DISCUSSEDIntroduction and ContextThe importance of neutrality and objectivity in selecting sample items for an audit.The criteria used to determine samples.The steps that should be taken after an audit to ensure effective communication of results and implementation of corrective actions.The implications when auditors focus on conformance rather than looking for no...

Howard and Jim chat about ISO/IEC TS 27008:2019 - Assessing Information Security Controls, Testing and Validation Techniques - Clauses 7.4.4 - 7.4.7.POINTS DISCUSSEDIntroduction and ContextTesting Techniques for ISO 27001 Systems - Annex A ControlsThe Importance of Information Security TestingTesting and Validation Techniques - Clauses 7.4.4 - 7.4.7 Grey Box Testing, Double Grey Box Testing, Tandem Testing, and Reversal.Preparations an auditor make prior to conducting any form of testing...

Howard and Jim chat about ISO/IEC TS 27008:2019 - Assessing Information Security Controls, Testing and Validation Techniques - Clauses 7.4.1 - 7.4.3POINTS DISCUSSEDIntroduction and ContextTesting Techniques for ISO 27001 SystemsTesting and Validation Techniques - Clause 7.4.The Importance of Information Security TestingBlind Testing & Double Blind TestingPreparations an auditor make prior to conducting any form of testing on an information security management LEARN MOREClick here to ...

Howard and Jim chat about ISO/IEC TS 27008:2019 - Review Methods, Overview, and Process Analysis - Clauses 7.1-7.3.POINTS DISCUSSEDWhat are the key takeaways from Jim's explanation of ISO 27008 and the review methods overview and process analysis discussed in the episode?How do you think the use of flowcharts to document procedures and audit controls can benefit organizations in assessing their security controls as per ISO standards?What are some effective communication skills that an a...

Howard and Jim chat about ISO/IEC TS 27008:2019 - Guidelines for the assessment of Information Security Controls - Clause 6.2 Reourcing and Competence.POINTS DISCUSSEDWhat are the key takeaways from the discussion on clause 6.2, resourcing and competence?How does this standard help organizations to assess the effectiveness of their information security controls?What are the skills and competencies required for information security auditors to conduct effective control assessments?How do phish...