Jim Moran
The ISO Review Podcast is a production of SymplifyISO. In each episode, we share the latest International Standards Development; the podcast is your resource for getting the most out of your management systems. Your podcast hosts are Howard Fox & Jim Moran. Howard is a Business Coach and Host of the Success InSight Podcast. Jim is an ISO Management System Professional, celebrating 30-plus years delivering ISO support.
 
Welcome to "Uncommon Knowledge for Seniors," a podcast dedicated to empowering senior citizens with the insights they need for a fulfilling and secure retirement. Hosted by Jim Moran of Cascade Hasson Sotheby’s, this podcast covers everything from reverse mortgages to savvy real estate investments, providing actionable advice tailored for seniors. Tune in to learn about financial freedom, retirement planning, and more, all explained in an easy-to-understand, engaging manner with a touch of h ...
 
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Clause 8.3 - Conducting Reviews and Clause 8.4 - Analysis and Reporting Results. POINTS DISCUSSED The key components of clauses 8.3 and 8.4 of ISO 27008, and why they are critical for conclusions about the effectiveness of your information security management system. The importance of why auditors s…
 
Howard and Jim chat about ISO/IEC TS 27008:2019, Clause 8.2.9: Extended Review Procedures, 8.2.10: Optimization, and 8.2.11: Finalization. POINTS DISCUSSED Information Assets and Organization Extended Review Procedures Optimization Strategies Case Study Reflection Internal Auditing Organization-Specific Conditions Workflow Auditing Impact of Unexpe…
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Clauses 8.2.6 Work Assignments, 8.2.7 External Systems, and 8.2.8 Information Assets and Organization. POINTS DISCUSSED The importance of thinking about information as an asset, and how this mindset shift can impact the effectiveness of an organization's information security management system. The …
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Clause 8.2.4 - Object-Related Procedures, and 8.2.5 - Previous Findings. POINTS DISCUSSED How has the role of information security management systems evolved over time, and what key changes have occurred in the past few years? What are some specific methods organizations can use to review their infor…
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Clause 8.2 - Planning the Assessment: Clauses 8.2.1, 8.2.2 and 8.2.3 POINTS DISCUSSED ISO/IEC TS 27008:2019 - Clause 8.2 - Planning the Assessment clauses 8.2.1, 8.2.2 and 8.2.3. Some common misconceptions people have about ISO standards. The importance of planning when assessing controls. How the "…
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Clause 8.0 - Control Assessment Process: Clause 8.1 - Preparation. POINTS DISCUSSED Why is thorough preparation essential for a successful ISO 27001 Annex A audit? How can management support and engagement influence the outcome of an ISO 27001 Annex A audit? What are the critical steps that organi…
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Assessing Information Security Controls, Sampling Techniques - Clause 7.5. POINTS DISCUSSED Introduction and Context The importance of neutrality and objectivity in selecting sample items for an audit. The criteria used to determine samples. The steps that should be taken after an audit to ensure ef…
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Assessing Information Security Controls, Testing and Validation Techniques - Clauses 7.4.4 - 7.4.7. POINTS DISCUSSED Introduction and Context Testing Techniques for ISO 27001 Systems - Annex A Controls The Importance of Information Security Testing Testing and Validation Techniques - Clauses 7.4.4 -…
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Assessing Information Security Controls, Testing and Validation Techniques - Clauses 7.4.1 - 7.4.3 POINTS DISCUSSED Introduction and Context Testing Techniques for ISO 27001 Systems Testing and Validation Techniques - Clause 7.4. The Importance of Information Security Testing Blind Testing & Double …
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Review Methods, Overview, and Process Analysis - Clauses 7.1-7.3. POINTS DISCUSSED What are the key takeaways from Jim's explanation of ISO 27008 and the review methods overview and process analysis discussed in the episode? How do you think the use of flowcharts to document procedures and audit con…
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls - Clause 6.2 Resourcing and Competence. POINTS DISCUSSED What are the key takeaways from the discussion on clause 6.2, resourcing and competence? How does this standard help organizations to assess the effectiveness of their information s…
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.4 - 6.1.5. POINTS DISCUSSED How does the process of obtaining permission to access all areas and controls play into the effectiveness of an information security audit? Why is it crucial for auditors to create a review checklist, and …
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.1 - 6.1.3. POINTS DISCUSSED What strategies can organizations employ to ensure that their procedures are not only being followed but are also working efficiently and effectively? How do supply chain contracts affect information secur…
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls - Clause 5 - Background. POINTS DISCUSSED What are the key takeaways from the discussion on ISO 27008 and its significance for organizations in terms of information security controls and guidelines? How do information security controls play…
 
Howard and Jim chat about ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls. Points discussed include: How do the ISO 27008 and ISO 27001 standards work together to enhance information security within organizations? Why is it important for organizations to have good monitoring systems in place, and what are some…
 
Howard and Jim chat about "Additional Observations and Benefits of Integrating an ISO 27001 Into an Existing ISO 9001 Quality Management System." Points discussed include: How can integrating ISO 27001 into an existing ISO 9001 system benefit an organization? What are the key differences between ISO 9001 and ISO 27001 in terms of structure and requ…
 
Howard and Jim chat about ISO 27036-2, Clause 7.5 - Supplier Termination Process. Points discussed include: How important is it for organizations of all sizes to prioritize information security? What are some challenges organizations face when it comes to supplier relationship termination? How can ISO standards help organizations in managing their …
 
Howard and Jim chat about ISO 27036-2, Clause 7.4 - Supplier Relationship Management Process. Points discussed include: The importance for organizations to have a process for managing supplier relationships in terms of information security. The potential risks or vulnerabilities that organizations may face when it comes to information security in t…
 
Howard and Jim chat about ISO 27036-2, Clause 7.3 - Supplier Relationship Agreement Process. Points discussed include: How important is it for businesses to have supplier contracts that address information security? The key elements that should be included in an agreement to ensure information security. How can businesses effectively measure their …
 
Howard and Jim chat about ISO 27036-2, Clause 7.2 - Supplier Selection Process. Points discussed include: How can organizations effectively plan their supplier relationships to mitigate information security risks? What are some real-life examples of information security breaches and their impact on organizations? Why is it important for organizatio…
 
Howard and Jim chat about ISO 27036-2, Clause 7.1 - Supplier Relationship Planning Process. Points discussed include: How do the ISO 27036 standards help protect against potential risks and ensure personal safety? What are some potential legal and regulatory issues that suppliers should be aware of in relation to information security impacts? Why i…
 
Howard and Jim chat about ISO 27036 Part 2 - Clause 6 - Information security in supplier relationship management. Points discussed include: How does the ISO Review podcast contribute to the understanding and implementation of ISO standards in various industries? What are some practical steps that companies can take to ensure information security in …
 
Howard and Jim chat about ISO 27036 Part I - Protecting Your Data: Overview of Understanding the Risks and Best Practices Guidance for Supplier Relationships. Points discussed include: Why is due diligence important when choosing suppliers? Why it's important to evaluate the security practices and capabilities of suppliers to make sure that they me…
 
Howard and Jim chat about ISO 27008 Guidelines for Assessing Annex A Controls. Points discussed include: How many controls are required in ISO 27008? What are the seven steps outlined in ISO 27008 for measuring and assessing controls? How can ISO 27008 help organizations improve information security? What is the significance of continual improvemen…
 
Howard and Jim chat about Competence Requirements For Information Security Management Systems Professionals. Points discussed include: What is the importance of communication and documentation in auditing firms for ISMS professionals? How can auditors prepare for an audit, and what information should they request from the organizations being audite…
 
Howard and Jim chat about the Path to ISO 27001 Certification. Points discussed include: What is ISO 27001 and why do some organizations need certification in it? Do most organizations need to be certified in ISO 27001 to bid on projects in the future? What is the process for achieving ISO 27001 certification? Why is formalizing and structuring inf…
 
Howard and Jim chat about ISO 27001, Annex A - Technical Controls. Points discussed include a review of the 34 controls in Clause 8: Annex A, Clause Eight, Technical Controls. Number of controls: 34 (8.1 to 8.34). On Our Next Episode: The Path to ISO 27001 Certification - Find out the steps you'll need to take to become Certified to ISO 27001:2022! Nex…
 
Howard and Jim chat about ISO 27001, Annex A - Physical Controls. Points discussed include a review of the 14 controls in Clause 7: Annex A, Clause Seven, Physical Controls. Number of controls: 14 (7.1 to 7.14). On Our Next Episode: ISO 27001, Annex A - Clause 8 - Technology Controls. Next Steps - review your current situation against these controls to…
 
Howard and Jim chat about ISO 27001, Annex A - People Controls. Points discussed include a review of the 8 controls in Clause 6: Annex A, Clause Six, People Controls Number of controls: 8 (6.1 to 6.8) On Our Next Episode ISO 27001, Annex A - Clause 7 - Physical Controls. Next Steps - review your current situation against these controls to see if yo…
 
Howard and Jim chat about ISO 27001, Annex A - Organization Controls. Points discussed include a review of the 37 controls in Clause 5: Annex A, Clause Five, Organizational Controls Number of controls: 37 (5.1 to 5.37) On Our Next Episode ISO 27001, Annex A - Clause 6 - People Controls. Next Steps - review your current practices against these contr…
 
Howard and Jim chat about Root Cause Analysis Considerations For Your ISO 27001 Information Security Management System. Points discussed include: Root Cause Analysis Considerations Determine the Cause of the Nonconformance Contributing Issues Ishikawa Fishbone Diagram Integration With Annex A 4-Column Integration Table showing the Ishikawa Fishbone…
 
Howard and Jim chat about the integration of an ISO 27001 into an existing ISO 9001 QMS. Points discussed include: ISO 9001 Quality Management Standard is the most prevalent in the world. It's been around since 1987 and there are over 2 million certificates worldwide in over 170 countries. Best Practice would be to integrate ISO 27001 into your exi…
 
Howard and Jim chat about the ISO 27001:2022 - Statement of Applicability (SoA). Items discussed include: The Statement of Applicability is required for ISO 27001 certification. It’s a statement that explains which Annex A security controls are — or aren’t — applicable to your organization’s Information Security Management System (ISMS). You can upd…
 
Howard and Jim chat about ISO 27007 - Guidance for Information Security Management Systems Auditing. Items discussed include: Plan - Do - Check - Act Approach. Getting clients to ask their auditees if the procedure, the way it's been implemented, is getting them the results they want. The purpose of auditing is to see if you're getting the results …
 
Howard and Jim chat about ISO 27005 - Managing Information Security Risks in this episode of the ISO Review Podcast. Items discussed include: Plan - Do - Check - Act Approach. Identify the risk. Analyze the nature and level of the risk. Evaluate (low - medium - high) the risk. Select objectives and controls for the treatment of the risk. Determine what …
 
Howard and Jim review ISO 27002 - Security Techniques in this episode of the ISO Review Podcast. Items discussed include: Information security, cybersecurity and privacy protection — Information security controls Scope Normative References Terms, definitions, and abbreviated terms Structure of the Document Organizational controls (37) People contro…
 
In this episode, Howard and Jim review the changes in ISO 27001:2022, Information Security Management Systems Requirements. Items discussed include: ISO 27001 - Information Security Management System was the pioneer in what was first known as the High Level Structure, which is now called the Harmonized Structure, as it was developed for all the other stan…
 
Welcome to the ISO Review Podcast. In this episode, Howard and Jim discuss Guidance for Improving your Internal Audits for an Information Security Management System. Highlights include: Does the information security auditor have the proper security clearance to access documented information? Personally Identifiable Information, or other sensitive infor…
 
Welcome to the ISO Review Podcast. In this episode, Howard and Jim discuss What You Need To Know to Become a Certified ISO Management System Professional. Items highlighted include: MSP Course #1 – ISO 9004:2018 – Sustainable Success; MSP Course #2 – ISO 10004:2018 – Customer Satisfaction; MSP Course #3 – ISO 31000:2018 – Risk Management; MSP Course #…
 
Welcome to the ISO Review Podcast. In this episode, Howard and Jim discuss the path to becoming a Certified Lead Auditor. Points Covered: How to become a Certified Lead Auditor. Who is the body that certifies lead auditors? What are the courses that need to be taken? What experience does a prospective auditor need to have? Idea for Our Next Episodes: Wh…
 
Welcome to the ISO Review Podcast. In this episode, Howard and Jim continue their conversation about ISO 27001, Information Security Management System (ISMS) to Manage Cyber Attacks, and unpack what specific guidance is available on how to perform an internal audit. Highlights: Jim talks about the creation of the ISO 27007, Information Security, Cybe…
 
Welcome to the ISO Review Podcast. In this episode, Howard and Jim continue their conversation about ISO 27001, Information Security Management System (ISMS) to Manage Cyber Attacks, and unpack what an effective ‘implementation Plan’ looks like. In our next and final episode of the series, we'll discuss using ISO 27007 as guidance for auditing an IS…
 
Welcome to the ISO Review Podcast. In this episode, Howard and Jim continue their conversation about ISO 27001, Information Security Management System (ISMS) to Manage Cyber Attacks, and unpack the benefits of implementing an ISMS. In our next episode, we'll discuss what an effective ‘implementation Plan’ looks like, followed by the Specific Guidance…
 
Welcome to the ISO Review Podcast. In this episode, Howard and Jim chat about How to Use ISO 27001 to Manage Cyber Attacks. Points that will be covered during this episode and then discussed further in subsequent episodes include: What does an ISMS look like? What are the benefits of an ISMS? What does an effective ‘implementation Plan’ look like? …
 
The ISO Review Podcast is a production of the International Management System Institute. The ISO Review Podcast shares the latest International Standards Development, and is your resource for getting the most out of your management systems. The Podcast is hosted by Howard Fox, Business Coach, and Host of the Success InSight Podcast. He is joined b…
 