Mark O'Kane

In this episode of InfoSec Insider, Mark O’Kane, Consultant at URM, offers his insights into the legal, regulatory and contractual-related controls (A.5.31-37) from Annex A of ISO 27001:2022 and how they can be effectively implemented by organisations.  Mark draws upon his extensive experience assisting organisations to certify against the Standard to discuss:

• The requirements of the legal, regulatory and contractual controls and how they fit into the overall aim of the ‘Organisational’ control theme
• How the legal controls help to prevent breaches of legal, statutory, regulatory or contractual obligations related to information security
• How to put controls A.5.31-37 into practice.

In this episode of InfoSec Insider, Mark O’Kane, Consultant at URM, offers his insights into the information security management controls within Annex A of ISO 27001, which comprise the first eight controls of Annex A’s ‘Organisational’ control theme.  Mark leverages his extensive experience supporting ISO 27001 implementations to discuss:

• What the organisational controls are, and how the first eight fit into the overall aim of the ‘Organisational’ control theme
• The role of management and senior leadership in relation to information security, and how leadership is linked to the creation of information security policies
• The importance of segregation of duties and clearly defined roles and responsibilities in addressing information security risk
• How maintaining contact with authorities, special interest groups, and threat intelligence sources can help you address both security risks that may materialise and security incidents that have occurred
• Common challenges and mistakes associated with implementing these controls, and how they can be overcome.