Jack is an experienced information security consultant who has been heavily involved in implementing both information security management systems (ISMS’)and integrated management systems (IMS). Jack has gained experience in all aspects of implementing ISO 27001:2022 working as an outsourced ISMS Manager, including:
- Conducting gap analyses and risk assessments,
- Developing a suite of policies and processes
- Developing and delivering staff awareness training
- Planning and conducting internal audits.
InfoSec Insider
Season
1
, Episode
41
Information Risk Assessment and Treatment in ISO 27001
In this episode of InfoSec Insider, Jack Woods, Consultant at URM, explores information risk assessment and risk treatment in the context of ISO 27001, the International Standard for Information Security Management Systems (ISMS’). Jack leverages his extensive experience assisting organisations to implement an ISMS and certify to the Standard to discuss:
- The purpose of a risk assessment
- How risk fits into ISO 27001 and its requirements
- How to conduct an information security risk assessment
- The actions you can take to treat the risks you identify.