New Podcast: Jim Moran & Howard Fox, Episode 31: ISO/IEC TS 27008:2019 – Guidelines for the Assessment of Information Security Controls

Howard and Jim chat about ISO/IEC TS 27008:2019 – Guidelines for the Assessment of Information Security Controls.

Points discussed include:

  1. How do the ISO 27008 and ISO 27001 standards work together to enhance information security within organizations?
  2. Why is it important for organizations to have good monitoring systems in place, and what are some key considerations for setting up effective monitoring?
  3. What are the controls outlined in ISO 27008, and how do they contribute to improving risk management and stakeholder approval?
  4. In what ways can artificial intelligence be utilized to identify risks and enhance the monitoring of information security controls within organizations?
  5. How does the ISO 27008 standard contribute to providing assurance to stakeholders such as customers, partners, and regulatory bodies regarding an organization’s robust information security management process?
  6. How can organizations effectively integrate the assessment of controls outlined in ISO 27008 with other ISO standards, such as ISO 27001 and ISO 27002?
  7. What role do people and training play in maintaining the security of information within organizations?
  8. What are some best practices for conducting internal audits to assess the effectiveness of Annex A controls, risk management, and improvement opportunities within an organization’s information security management system?
