In this episode of InfoSec Insider, Jack Woods and George Ryan, both Consultants at URM, share their insights on how organisations can achieve strong information security governance and asset management that facilitate conformance to ISO 27001, the International Standard for Information Security Management Systems (ISMS). Jack and George draw on their extensive experience supporting organisations’ ISO 27001 certifications to discuss:
- How to transform high-level information security policies into day-to-day behaviour across teams, and who should own information security within organisations
- Defining clear information security roles and responsibilities, and how to overcome the practical challenges of implementing segregation of duties
- What best practice looks like when maintaining contact with authorities, special interest groups, and threat intelligence
- The importance of integrating information security into project management
- How to produce usable (rather than bureaucratic) documented operating procedures that reduce operational risk
- Effective information handling and asset management, from inventorying assets and acceptable use through to classification and labelling of information.
Ask Jack and George a question:
https://www.urmconsulting.com/podcasts/information-security-governance-compliance-and-asset-management
Brought to you by URM, the UK’s leading information and cyber security specialists.