New Podcast: ISO 27001: ISO 27001 – Auditing an Information Security Management System: What Specific Guidance is Available?

In this episode, Howard and Jim continue their conversation about ISO 27001, Information Security Management System (ISMS) to Manage Cyber Attacks, and unpack what specific guidance is available on how to perform an internal audit.

Highlights

Jim talks about the creation of ISO 27007, Information Security, Cyber Security, and Privacy Protection, released in 2020, which provides guidelines for information security management systems auditing.

Audit Takeaways

  1.  Are we getting the results we want?
  2.  Are we managing risks related to this activity?
  3.  Is there anything the auditee can think of that would help make their life better relative to the safety we want to have around information security?
