Jack is an experienced information security consultant who has been heavily involved in implementing both information security management systems (ISMS’) and integrated management systems (IMS). Jack has gained experience in all aspects of implementing ISO 27001:2022, working as an outsourced ISMS Manager, including:
- Conducting gap analyses and risk assessments
- Developing a suite of policies and processes
- Developing and delivering staff awareness training
- Planning and conducting internal audits.
InfoSec Insider, Season 2, Episode 9
ISO 27001 People Controls
In this episode of InfoSec Insider, Jack Woods and Mark O’Kane, both Consultants at URM, take a deep dive into the ‘People’ controls theme in ISO 27001: why these controls matter in today’s hybrid workplaces, how they strengthen information security, and what auditors look for during assessments. Jack and Mark draw upon their extensive experience supporting organisations’ implementation of the Standard to discuss:
- How to balance the risk of potential insider threats against the downsides of overzealous background checks when implementing pre-employment screening
- The practical steps you can take to meaningfully enforce people controls beyond generic policies in the context of remote and hybrid work environments
- How to ensure incident reporting for information security is both mandatory and non-punitive, so employees feel safe to report without fear of reprisal
- The types of evidence auditors expect to see in a people controls-focused audit
- The risks that arise when people controls such as training or NDAs are not routinely reviewed/updated as working patterns or staff roles evolve.
InfoSec Insider, Season 1, Episode 41
Information Risk Assessment and Treatment in ISO 27001
In this episode of InfoSec Insider, Jack Woods, Consultant at URM, explores information risk assessment and risk treatment in the context of ISO 27001, the International Standard for Information Security Management Systems (ISMS’). Jack leverages his extensive experience assisting organisations to implement an ISMS and certify to the Standard to discuss:
- The purpose of a risk assessment
- How risk fits into ISO 27001 and its requirements
- How to conduct an information security risk assessment
- The actions you can take to treat the risks you identify.
