Thursday Jun 26, 2025

ISO 27001 Information Security Management Controls

In this episode of InfoSec Insider, Mark O’Kane, Consultant at URM, offers his insights into the information security management controls within Annex A of ISO 27001, which comprise the first eight controls of Annex A’s ‘Organisational’ control theme. Mark leverages his extensive experience supporting ISO 27001 implementations to discuss:

  • What the organisational controls are, and how the first eight fit into the overall aim of the ‘Organisational’ control theme
  • The role of management and senior leadership in relation to information security, and how leadership is linked to the creation of information security policies
  • The importance of segregation of duties and clearly defined roles and responsibilities in addressing information security risk
  • How maintaining contact with authorities, special interest groups, and threat intelligence sources can help you address both security risks that may materialise and security incidents that have occurred
  • Common challenges and mistakes associated with implementing these controls, and how they can be overcome.

Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-a-5-organisational-controls-information-security-management

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.  

Copyright 2024 URM Consulting. All rights reserved.
